TCP checksum filtering, -b flag in documentation

["Greg Weiss" <gregw_lists () fastmail fm>]

On Fri, 30 Jul 2004 12:12:50 -0700, "Guy Harris" <guy () alum mit edu>
said:
> On Jul 30, 2004, at 10:14 AM, Greg Weiss wrote:
>
> > Is there a way to command-line filter tcpdump so that only packets with
> > bad TCP checksums are dumped?
>
> No.
>
> [...explanation of how tcpdump could conceivably be altered...]

Interesting; thanks.

> > P.S. Sentence 2 in the man page should refer to the -r flag, not the -b
> > flag, right?
>
> In tcpdump 3.7.2 and later, it *does* refer to the "-r" flag; it 
> referred to "-b" in 3.7.1, but 3.7.2 fixes a problem in the ISAKMP 
> parser for which there's a security advisory.  The current version is 
> 3.8.3; hopefully no current version of any OS is shipping 3.7.1.

Ah, figured it might be something like that with a year-old OS.  But
when 
I saw the documentation at http://www.tcpdump.org/tcpdump_man.html 
also saying -b, I figured I'd ask.  (Someone might want to update
that...)

  --Greg
-
This is the tcpdump-workers list.
Visit https://lists.sandelman.ca/ to unsubscribe.