Wireshark
the world's foremost network protocol analyzer
Wireshark-users: [Wireshark-users] Detecting a TCP checksum error at capture time in tshark
From: Jimmy Anders <jimmyswede@xxxxxxxxx>
Date: Wed, 9 Dec 2009 05:12:08 -0800 (PST)
Hi,
In wireshark it is possible to detect a TCP checksum error at capture time by using the tcp.checksum_bad == 1.
How can it be done with tshark? I would like to write to a file only the received TCP packets with a wrong TCP checksum, but it does not look like it can be done at once. Should I use 2 shark instances, one capturing the tcp packets and the other using the display filter to filter the packets with wrong TCP checksum? Are there some examples about how to use tshark to do such things?
Thanks for your help
BRs,
Jimmy
In wireshark it is possible to detect a TCP checksum error at capture time by using the tcp.checksum_bad == 1.
How can it be done with tshark? I would like to write to a file only the received TCP packets with a wrong TCP checksum, but it does not look like it can be done at once. Should I use 2 shark instances, one capturing the tcp packets and the other using the display filter to filter the packets with wrong TCP checksum? Are there some examples about how to use tshark to do such things?
Thanks for your help
BRs,
Jimmy
- Prev by Date: [Wireshark-users] Undocumented feature of display filter macros?
- Next by Date: Re: [Wireshark-users] Error when saving to multiple files
- Previous by thread: [Wireshark-users] Undocumented feature of display filter macros?
- Next by thread: Re: [Wireshark-users] [Wireshark-dev] radius dictionary -> segfault
- Index(es):