Wireshark mailing list archives

Re: Capturing only packets with bad TCP Checksum


From: Guy Harris <guy () alum mit edu>
Date: Mon, 5 Nov 2012 13:47:12 -0800


On Nov 5, 2012, at 1:34 PM, Martin Isaksson <martin.isaksson () ericsson com> wrote:

> Is there any way of creating a capturing filter to only get packets that have a bad TCP checksum?

Unfortunately, no - in-kernel BPF doesn't support backward branches, so a BPF program that can do filtering in the 
kernel can't calculate a checksum, and, even though it might be possible to have a BPF program to calculate checksums 
in userland, the capture-filter-to-BPF compiler in libpcap doesn't have a way of expressing that.
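
Because the check cannot run in the capture filter, the checksum can instead be verified in userland after capture. The Python below is an added example, not part of the original message or of libpcap; it assumes raw, unfragmented IPv4 packets with the link-layer header already stripped, and `build_packet` with its addresses and ports is a constructed sample.

```python
import struct

def ones_sum(data: bytes) -> int:
    """16-bit one's-complement sum (RFC 1071). Needs a loop over the data,
    i.e. the backward branch the message says in-kernel BPF lacks."""
    if len(data) % 2:
        data += b"\x00"                      # pad odd-length data with a zero byte
    total = 0
    for (word,) in struct.iter_unpack("!H", data):
        total += word
    while total >> 16:                       # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return total

def tcp_checksum_ok(ip: bytes) -> bool:
    """True if the TCP checksum of a raw, unfragmented IPv4 packet verifies."""
    ihl = (ip[0] & 0x0F) * 4
    total_len = struct.unpack("!H", ip[2:4])[0]
    segment = ip[ihl:total_len]
    # Pseudo-header: source, destination, zero, protocol (6 = TCP), TCP length
    pseudo = ip[12:20] + struct.pack("!BBH", 0, 6, len(segment))
    return ones_sum(pseudo + segment) == 0xFFFF

def bad_tcp_packets(packets):
    """Post-capture filter: keep only IPv4/TCP packets whose checksum fails."""
    return [p for p in packets
            if p[0] >> 4 == 4 and p[9] == 6 and not tcp_checksum_ok(p)]

def build_packet(payload: bytes) -> bytes:
    """Constructed sample: minimal IPv4+TCP packet with a valid TCP checksum.
    The IP header checksum is left at 0 because it is not checked here."""
    src, dst = bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2])
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 1, 0, 5 << 4, 0x18, 8192, 0, 0) + payload
    pseudo = src + dst + struct.pack("!BBH", 0, 6, len(tcp))
    csum = ~ones_sum(pseudo + tcp) & 0xFFFF
    tcp = tcp[:16] + struct.pack("!H", csum) + tcp[18:]
    ip = struct.pack("!BBHHHBBH", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0) + src + dst
    return ip + tcp

good = build_packet(b"hello")
corrupt = good[:-1] + bytes([good[-1] ^ 0xFF])   # flip payload bits; checksum is now wrong
print(len(bad_tcp_packets([good, corrupt])))
```

Packets sent by the capturing host often fail this check when TCP checksum offload is enabled, because the NIC fills in the checksum after the point where the capture sees the packet.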