Re: tcpdump & bad tcp checksum

Eric.Schenk@dna.lth.se
Thu, 24 Jul 1997 11:00:38 +0200


"SethMeister G." <shaggy@jade.cs.binghamton.edu> writes:
>Hi guys,
>
> Just wanted to know why, if the kernel says that there was a packet with
>an invalid tcp checksum, that when I do a tcpdump and grab all the tcp
>segments, tcpdump does not say that an invalid checksum was found (and
>yes, I am using -v)...

tcpdump only grabs the first few bytes of a packet (by default).
Without the whole packet it is impossible to check the tcp checksum.
You can ask tcpdump to grab more of the packet if you want, but it
will slow it down considerably. This may not be an issue.
Having said that, I don't think tcpdump will check the tcp checksum
even if it has the whole packet. If you want it to, you'll probably
have to go in and modify the tcpdump sources.

-- 
Eric Schenk                               www: http://www.dna.lth.se/~erics
Dept. of Comp. Sci., Lund University          email: Eric.Schenk@dna.lth.se
Box 118, S-221 00 LUND, Sweden   fax: +46-46 13 10 21  ph: +46-46 222 96 38
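
Added example (not part of the original message and not taken from the tcpdump sources): a C routine that verifies a TCP checksum over captured bytes and reports when the capture is too short to decide, which is the situation the reply describes. It assumes an unfragmented IPv4 packet with the link-layer header already stripped; the function names, return codes and sample packet are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum { CK_NOT_TCP = -2, CK_TRUNCATED = -1, CK_BAD = 0, CK_OK = 1 };

/* One's-complement sum of big-endian 16-bit words (RFC 1071). */
static uint32_t sum16(const uint8_t *p, size_t n, uint32_t acc) {
    for (; n > 1; p += 2, n -= 2) acc += (uint32_t)(p[0] << 8 | p[1]);
    if (n) acc += (uint32_t)p[0] << 8;      /* odd last byte, zero padded */
    return acc;
}

/* pkt points at the IPv4 header; caplen is how many bytes were captured. */
int tcp_checksum_status(const uint8_t *pkt, size_t caplen) {
    if (caplen < 20) return CK_TRUNCATED;
    if ((pkt[0] >> 4) != 4 || pkt[9] != 6) return CK_NOT_TCP;
    size_t ihl = (size_t)(pkt[0] & 0x0f) * 4;
    size_t totlen = (size_t)(pkt[2] << 8 | pkt[3]);
    if (ihl < 20 || totlen < ihl + 20) return CK_NOT_TCP;
    if (caplen < totlen) return CK_TRUNCATED;   /* snaplen cut the segment */
    size_t tcplen = totlen - ihl;
    uint32_t acc = sum16(pkt + 12, 8, 0);       /* pseudo-header: src, dst */
    acc += 6 + (uint32_t)tcplen;                /* protocol 6 + TCP length */
    acc = sum16(pkt + ihl, tcplen, acc);        /* header + data + checksum */
    while (acc >> 16) acc = (acc & 0xffff) + (acc >> 16);
    return acc == 0xffff ? CK_OK : CK_BAD;
}

/* Constructed sample: 192.0.2.1:1025 -> 192.0.2.2:80, PSH|ACK, payload "ping".
   The IP header checksum is left zero because it is not examined here. */
static const uint8_t sample_pkt[44] = {
    0x45,0x00,0x00,0x2c, 0x00,0x01,0x00,0x00, 0x40,0x06,0x00,0x00,
    0xc0,0x00,0x02,0x01, 0xc0,0x00,0x02,0x02,
    0x04,0x01,0x00,0x50, 0x00,0x00,0x00,0x01, 0x00,0x00,0x00,0x00,
    0x50,0x18,0x20,0x00, 0x28,0xa2,0x00,0x00, 'p','i','n','g'
};

int main(void) {
    printf("full capture (44 bytes): %d\n", tcp_checksum_status(sample_pkt, 44));
    printf("cut to 40 bytes:         %d\n", tcp_checksum_status(sample_pkt, 40));
    return 0;
}
```

The checksum covers the pseudo-header, the TCP header and every payload byte, so losing even the last four bytes of the segment leaves the result undecidable rather than "bad".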