Hi,
I find the way that Wireshark can handle TCP streams very useful.
However I work a lot with `fw monitor` capture files and then I find that TCP streams are harder to distinguish.
Is there a way to add the TCP stream logic with the details you can get in regard to the FW-1 details that are hidden in the layer-2 details?
For now I determine the interfaces in use by hand and then split the single `fw monitor` into 4 files.
Would it be possible to combine the "follow TCP stream" option with following only the relevant measuring point in the Check Point firewall?
Regards,
Hugo
With kind regards,
Hugo van der Kooij
support engineer
Qi ict
Delftechpark 35-37
Postbus 402, 2600 AK Delft
T : +31 15 888 0 345
F : +31 15 888 0 445
E : mailto:hugo.van.der.kooij@xxxxx
I : http://www.qi.nl