cpmonitor
Description
The CPMonitor tool analyzes traffic captured by TCPdump or by the Check Point FW Monitor (see fw monitor).
The CPMonitor tool parses the input traffic capture file and extracts valuable information from it, including:
- Overall traffic statistics (pps, cps, concurrent, throughput)
- Top connections, top servers and top services
- Detailed connections, servers and services (with packet size distribution)
- Per second analysis
When analyzing the captured traffic, the CPMonitor tool can run in one of these modes: Complete or Navigate, producing different insights.
For more information, see sk132193.
Important:
Syntax
Parameters
You can specify several parameters.
| Parameter | Description |
|---|---|
| | Specifies the path to the traffic capture file to be analyzed. |
| | Specifies the size of the Connections Table - an integer number of entries that the Connections Table can hold. Default = 10,000,000. Maximum = 200,000,000. |
| | Saves a timeline graph in the specified file (automatically adds the CSV extension): |
| | Navigates through the traffic capture file. Creates a report for the first second of the traffic capture file, allows navigation across the file, and increases the window size to cover more than one second. This mode allows better understanding of traffic bursts and peaks, which may have occurred during the capture. |
| | Saves the report in the specified file (automatically adds the TXT extension): |
| | Quiet mode, no output on stdout. Only saves the information in the output file(s). |
| | Configures the sorting method for top entities: |
| | Saves the entire tables in these files: This parameter creates detailed CSV files that contain all the connections, servers, and services. This gives you a complete picture of the entire traffic (not just the top connections). |
| | Verbose mode. |
| | Shows the " |