tcpdump mailing list archives
TCP checksum filtering, -b flag in documentation
From: "Greg Weiss" <gregw_lists () fastmail fm>
Date: Mon, 02 Aug 2004 09:54:07 -0400
On Fri, 30 Jul 2004 12:12:50 -0700, "Guy Harris" <guy () alum mit edu> said:
> On Jul 30, 2004, at 10:14 AM, Greg Weiss wrote:
>> Is there a way to command-line filter tcpdump so that only packets with bad TCP checksums are dumped?
> No. [...explanation of how tcpdump could conceivably be altered...]

Interesting; thanks.

>> P.S. Sentence 2 in the man page should refer to the -r flag, not the -b flag, right?
> In tcpdump 3.7.2 and later, it *does* refer to the "-r" flag; it referred to "-b" in 3.7.1, but 3.7.2 fixes a problem in the ISAKMP parser for which there's a security advisory. The current version is 3.8.3; hopefully no current version of any OS is shipping 3.7.1.

Ah, figured it might be something like that with a year-old OS. But when I saw the documentation at http://www.tcpdump.org/tcpdump_man.html also saying -b, I figured I'd ask. (Someone might want to update that...)

--Greg