tcpdump mailing list archives
Re: capturing packets with CRC errors
From: Michael Ang <mang () subcarrier org>
Date: Sun, 15 Dec 2002 18:22:19 -0500
Someone also pointed out to me offlist that packets with IP checksum errors should be dropped by any intermediate routers (although that may not necessarily happen in practice). So an IP checksum mismatch should only be seen if the corruption happens between the last router and the sniffer.
- Mike.
Guy Harris wrote:
On Thu, Dec 12, 2002 at 08:55:40PM -0500, Michael Ang wrote:I of course meant checksum instead of CRC for IP and TCP. Looking at the code for tcpdump it seems that those checksums are passed intact through pcap as they appear on the wire (i.e. packets are not rejected based on IP or TCP checksum errors).Correct. libpcap pays no attention whatsoever to the IP or TCP (or UDP, or SCTP, or ...) checksum - in link layers where the checksum happens to be supplied (PPP in some cases, and some LANs on some versions of some OSes, I think), it doesn't even pay attention to that. Tcpdump pays attention to them only by checking the IP, TCP, and UDP checksums, if present, reporting whether they're valid. (It does so for IP headers only if the entire IP header was captured, and does so for TCP and UDP only if the the entire packet was captured and the packet isn't fragmented at the IP layer.)
- This is the TCPDUMP workers list. It is archived at http://www.tcpdump.org/lists/workers/index.html To unsubscribe use mailto:tcpdump-workers-request () tcpdump org?body=unsubscribe
Current thread:
- capturing packets with CRC errors Michael Ang (Dec 12)
- Re: capturing packets with CRC errors Michael Ang (Dec 12)
- Re: capturing packets with CRC errors Guy Harris (Dec 12)
- Re: capturing packets with CRC errors Michael Ang (Dec 15)
- Re: capturing packets with CRC errors Hannes Gredler (Dec 17)
- Re: capturing packets with CRC errors Guy Harris (Dec 12)
- Re: capturing packets with CRC errors Michael Ang (Dec 12)