Re: tcpdump & bad tcp checksum
Thu, 24 Jul 1997 11:00:38 +0200

"SethMeister G." <> writes:
>Hi guys,
> Just wanted to know why, if the kernel says that there was a packet with
>an invalid tcp checksum, that when I do a tcpdump and grab all the tcp
>segments, tcpdump does not say that an invalid checksum was found (and
>yes, I am using -v)...

tcpdump only grabs the first few bytes of a packet (by default).
Without the whole packet it is impossible to check the tcp checksum.
You can ask tcpdump to grab more of the packet if you want, but it
will slow it down considerably. This may not be an issue.
Having said that, I don't think tcpdump will check the tcp checksum
even if it has the whole packet. If you want it to you'll probably
have to go in and modify the tcpdump sources.

Eric Schenk                               www:
Dept. of Comp. Sci., Lund University          email:
Box 118, S-221 00 LUND, Sweden   fax: +46-46 13 10 21  ph: +46-46 222 96 38