tcpdump only grabs the first few bytes of a packet (by default).
Without the whole packet it is impossible to check the tcp checksum.
You can ask tcpdump to grab more of the packet if you want, but it
will slow it down considerably. This may not be an issue.
Having said that, I don't think tcpdump will check the tcp checksum
even if it has the whole packet. If you want it to you'll probably
have to go in and modify the tcpdump sources.
-- Eric Schenk www: http://www.dna.lth.se/~erics Dept. of Comp. Sci., Lund University email: Eric.Schenk@dna.lth.se Box 118, S-221 00 LUND, Sweden fax: +46-46 13 10 21 ph: +46-46 222 96 38