If you saved the tcpdump output and later you need to correct the bad checksums then you can do one of the following: (29)ġ7:06:09.355431 IP (tos 0x0, ttl 64, id 0, offset 0, flags, proto UDP (17), length 57)įor the sake of performance, remember to turn TCO back on after each tcpdump execution. $ sudo tcpdump -i eth0 -vvv -nn udp dst port 53 So, just to proove my point, here is a tcpdump output while monitoring DNS traffic (udp/53) That’s why you only see errors in tcpdump and your network traffic works ok. This is caused because you have checksum offloading on your network card (NIC) and tcpdump reads IP packets from the Linux kernel right before the actual checksum takes place in the NIC’s chipset. If you’ve ever tried to trace a UDP or TCP stream by using the tcpdump tool on Linux then you may have noticed that all, or at least most, packets indicate checksum errors.
0 Comments
Leave a Reply. |