What file extension should be used with fw monitor to allow the output file to be imported and read in WireShark?
When using fw monitor to output a file that will be imported and read in WireShark, the correct file extension to use is .pcap. The .pcap format is the standard format that Wireshark uses for saving and reading packet capture files.
fw monitor -e 'accept (src=172.25.16.14) or (dst=172.25.16.87);' -m iIoO -o wireshark.pcap
It should be A. See question #70 or https://support.checkpoint.com/results/sk/sk30583. .pcap is the Wireshark format with which Wireshark saves its captures.
Correct answer is D, it should be pcap
I think the best answer is .pcap; see the reference below. https://www.wireshark.org/docs/wsdg_html_chunked/ChWorksCaptureFiles.html
When writing fw monitor packet capture data to a file, use the .cap extension in order for Wireshark to automatically associate with it.