On Fri, 30 Jul 2004 12:12:50 -0700, "Guy Harris" <[EMAIL PROTECTED]> said: > > On Jul 30, 2004, at 10:14 AM, Greg Weiss wrote: > > > Is there a way to command-line filter tcpdump so that only packets with > > bad TCP checksums are dumped? > > No. > > [...explanation of how tcpdump could conceivably be altered...]
Interesting; thanks. > > P.S. Sentence 2 in the man page should refer to the -r flag, not the -b > > flag, right? > > In tcpdump 3.7.2 and later, it *does* refer to the "-r" flag; it > referred to "-b" in 3.7.1, but 3.7.2 fixes a problem in the ISAKMP > parser for which there's a security advisory. The current version is > 3.8.3; hopefully no current version of any OS is shipping 3.7.1. Ah, figured it might be something like that with a year-old OS. But when I saw the documentation at http://www.tcpdump.org/tcpdump_man.html also saying -b, I figured I'd ask. (Someone might want to update that...) --Greg - This is the tcpdump-workers list. Visit https://lists.sandelman.ca/ to unsubscribe.
