TCPDump – Check Point sub-interface with VLAN

To capture traffic on a Check Point gateway where the interface is a sub-interface with a VLAN tag, run the following command:

tcpdump -i <physical/logical interface name> vlan <VLAN tag>

For example, to capture traffic from VLAN 250 on interface eth3c7, the command would be:

tcpdump -i eth3c7 vlan 250
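
The same capture narrowed with a host or port filter, as an added example that is not part of the original post. In a pcap filter the first vlan keyword shifts the decoding offsets for the rest of the expression, so the helper below always places it before any other primitive. The function name build_vlan_capture and the address 192.0.2.10 are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Prints (does not run) a tcpdump
# command for a VLAN-tagged capture. build_vlan_capture is a hypothetical name.
# usage: build_vlan_capture IFACE VLAN_ID [EXTRA_FILTER]
build_vlan_capture() {
    iface=$1
    vlan_id=$2
    extra=${3:-}

    # Conservative interface-name check (assumption): no shell metacharacters.
    case $iface in
        ''|*[!A-Za-z0-9._-]*) echo "invalid interface name" >&2; return 1 ;;
    esac

    # Digits only, no leading zero (libpcap reads a leading 0 as octal), max 4 digits.
    case $vlan_id in
        ''|*[!0-9]*|0*|?????*) echo "invalid VLAN ID" >&2; return 1 ;;
    esac
    # 802.1Q VLAN IDs are 12 bits; 0 and 4095 are reserved, so 1-4094 is usable.
    if [ "$vlan_id" -gt 4094 ]; then
        echo "VLAN ID out of range (1-4094)" >&2; return 1
    fi

    # The printed filter is single-quoted, so refuse a quote inside it.
    case $extra in
        *\'*) echo "extra filter must not contain a single quote" >&2; return 1 ;;
    esac

    # 'vlan' goes first: it shifts the offsets used by every later primitive.
    filter="vlan $vlan_id"
    if [ -n "$extra" ]; then
        filter="$filter and ($extra)"
    fi

    # -nn: no name or port lookups; -e: print the link-level header.
    printf "tcpdump -nn -e -i %s '%s'\n" "$iface" "$filter"
}

# Constructed sample: VLAN 250 on eth3c7, narrowed to one documentation address.
build_vlan_capture eth3c7 250 'host 192.0.2.10 and tcp port 443'
```

The -e flag makes tcpdump print the link-level header, so the VLAN tag of each captured frame appears in the output and can be checked against the requested ID.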