Source From Here
Preface
If you capture packets using tcpdump directly from the server, your capture file may contain bad checksums. This is because your OS is currently configured to use the hardware checksum offloading feature of the NIC. When this feature is enabled, expecting the NIC to rewrite the checksums, OS doesn't bother to fill (nor to reset) in the checksum fields. The problem is that tcpdump is capturing the packets before the checksums are rewritten by the NIC.
How-To
Use the following command to turn off the checksum offloading before using tcpdump (on ubuntu).
If you already have a capture file not usable due to the wrong checksums, use the following command to repair the file.
Or
Preface
If you capture packets using tcpdump directly from the server, your capture file may contain bad checksums. This is because your OS is currently configured to use the hardware checksum offloading feature of the NIC. When this feature is enabled, expecting the NIC to rewrite the checksums, OS doesn't bother to fill (nor to reset) in the checksum fields. The problem is that tcpdump is capturing the packets before the checksums are rewritten by the NIC.
How-To
Use the following command to turn off the checksum offloading before using tcpdump (on ubuntu).
If you already have a capture file not usable due to the wrong checksums, use the following command to repair the file.
Or
沒有留言:
張貼留言