Re: tcpdump & bad tcp checksum

Jes Degn Soerensen (
24 Jul 1997 11:24:10 +0200

>>>>> "Eric" == Eric Schenk <> writes:

Eric> "SethMeister G." <> writes:
>> Hi guys,
>> Just wanted to know why, if the kernel says that there was a packet
>> with an invalid tcp checksum, that when I do a tcpdump and grab all
>> the tcp segments, tcpdump does not say that an invalid checksum was
>> found (and yes, I am using -v)...

Eric> tcpdump only grabs the first few bytes of a packet (by default).

Ehhhmmm, tcpdump for Linux tend to grab the full packet rather than
just the header, just checked libpcap-0.4a1 and its still like
that. Yup this is bad, especially for `large' MTU networks such as
FDDI, and I guess we should do something about this at some point.