Max Capture: Know Your Packets - Tips, Tricks & Best Practices

by Timothy C. Hall

Check Point Instructor and Author of Book "Max Power 2020: Check Point Firewall Performance Optimization", and the instructor for the "IPS Immersion" & "Gaia 3.10 Immersion" Video Series

A Self-paced Lecture & Lab-based Video Course

Release date: February 3, 2021
Total Video Length: 6 hours, 40 minutes in 14 separate modules

Lecture Video Length: 5 hours, 20 minutes

Live Lab Exercises Video Length: 1 hour, 20 minutes
Versions Covered: R80.40 w/ Gaia 3.10 & R81

(almost all material will apply to older releases and the Gaia kernel 2.6.18 as well)
Video Format: DRM-free mp4 (H.264 - MPEG 4)
Video Resolution: FullHD (1920x1080)

DRM-free PDF document length: 123 pages 

Language: English

Prerequisites: Basic Systems & Networking Knowledge; In-depth Knowledge of Protocols Ethernet, TCP/IP, and IP Routing a plus


Nothing Cuts Through the "Finger-Pointing" Drama Like a Good Packet Capture.


Through a series of recorded lecture & lab segments, one of the most experienced and knowledgeable Check Point instructors in the world takes you step by step through selecting the right tool to perform packet captures, and how to analyze them. Best practices for minimizing the performance impact on the firewall while taking a capture are a major focus of this course, along with using the correct capturing tool for the job at hand.

You will learn about:

  • What Problems Firewall Packet Captures Can Solve, and, Even More Importantly, What They Can NOT Help Solve
  • Little-known Feature Alternatives to Taking Packet Captures
  • The Four Basic Packet Capturing Tools Available on Check Point
  • A Full "Compare & Contrast" Between the Four Tools, and Which One Should be Used in a Specific Scenario
  • Special Cases Involving Scalable Platforms/Maestro & VSX
  • Direct Analysis of Packet Captures from the CLI
  • Live and File-based Analysis of Packet Captures with Wireshark
  • Best Practices to Minimize Packet Capturing Overhead on the Firewall
  • Use Cases for Unfiltered Captures
  • Over 10 pages of Equivalent Filtering Syntax Between the Four Capturing Tools and Wireshark
  • Advanced Troubleshooting of Network Address Translation & Performance Problems with Packet Captures
  • Troubleshooting the "Roach Motel" Scenario with Packet Captures and Other Related Tools
  • The Most Useful Statistical & Analysis Features of Wireshark in the Real World
  • Taking Packet Captures Beyond the Firewall with windump & RPCAPD
  • A Quick-Start "Cookbook" for Taking a Simple Capture with tcpdump

In addition to the videos, this course includes an unencumbered, DRM-free, searchable 123-page PDF document containing all content presented during the lecture segments and the lab instructions.  This PDF is a great future reference to quickly locate the content you require, instead of wasting your time trying to skip through videos to find it.  Unleash the power of packet captures on your Check Point firewall today!

FAQ for Max Capture: Know Your Packets

Q: What types of firewall capturing & analysis tools are covered in the course?

  • fw monitor -e
  • fw monitor -F
  • tcpdump
  • cppcap
  • Wireshark
  • cpmonitor

Q: What firewall models and code levels does the course cover?

R80.40 and R81 with the Gaia 3.10 kernel. Differences associated with the older Gaia 2.6.18 kernel are noted. Firewall appliance models 2200-28000 are the major focus of the class, but almost all content also applies to CloudGuard and most firewalls running in VMware. Embedded Gaia firewall models 600-1800 were not tested, but the capture operations should be similar.

Q: Are Scalable Platforms/Maestro and VSX covered?

While not the major focus of the class, limitations and additional capabilities specific to these platforms are noted in the class material.

Q: Do I need to watch all the videos, or is all the course content contained in the PDF document?

For the lecture segments, every effort is made to put as much of the content directly into the PDF to facilitate easy searching later. However, there are always off-the-cuff remarks and some additional context provided in the lecture segments that you may find helpful. For the lab exercises, most of the key content is in the videos, as the labs were recorded live in the Shadow Peak lab. This is especially true of Lab 2 (troubleshooting the "roach motel"), which is in a break/fix style. The troubleshooting scenarios to investigate in that lab are only one page in the PDF, but the lab video is over 42 minutes long.

Q: Why are there slight differences between the PDF shown in the recordings vs. the final one included with my purchase?

There were changes made to the final edition of the PDF after recording was already complete.  These changes were all minor and did not affect the flow of page numbers; those changes were:

  • Grammatical fixes
  • Addition of several new resources and SK references
  • Adding references to Maestro
  • Special case for capturing traffic on Wrp interfaces in VSX

Q: Is Max Capture: Know Your Packets available as a live online class?

Yes!  Max Capture was originally created as a private class for a large customer and has already been delivered that way several times.  While Shadow Peak has no current plans to offer public versions of this class, it can be scheduled as a private offering for a minimum of six attendees.  Please contact the sales alias via email at shadowpeak.com for more information.
