Ethereal-users: RE: [Ethereal-users] Re: finding crc errors

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: "Dustin Decker" <dustin.decker@xxxxxxxxxxxxxxxx>
Date: Tue, 7 Sep 2004 14:17:41 -0500

I too am interested in an answer to the original question.

While it is perhaps unlikely that I will capture packets with bad IP or TCP
checksums on the wire while routers filter them out, etc., it is entirely
possible to be presented with packets crafted with [insert favorite tool
such as Netdude here] for educational purposes.  In an instance in which
90+% of packets in a pcap file have bad IP and/or TCP checksums, it would be
handy to be able to filter and quickly locate those which do not, etc.

BTW, for those who don't know, Snort pretty much ignores packets with
invalid IP or TCP checksums.  Packets with the incorrect checksum should
never alert in Snort as then you could be subject to an insertion attack.
You can overcome this by using the -k option at the command line if
necessary.

Dustin Decker

> -----Original Message-----
> From: ethereal-users-bounces@xxxxxxxxxxxx [mailto:ethereal-users-bounces@xxxxxxxxxxxx] On Behalf Of Neil
> Sent: Tuesday, September 07, 2004 1:56 PM
> To: Ethereal user support
> Subject: [Ethereal-users] Re: finding crc errors
> 
> I think I should change my question. I was reading a document regarding
> troubleshooting a distributed application. Their recommendation was to set up
> side by side traces or simply, 2 sniffers on both ends, 1 on the client side
> and the other 1 on the server side. Assuming I have done this, what is my
> next step to figure out bottlenecks in WAN or application?
> 
> Thanks,
> 
> Neil
> 
> Michael Tuexen writes:
> 
> > Just to be clear:
> >
> > Ethernet uses a CRC,
> > TCP uses a checksum.
> >
> > Best regards
> > Michael
> >
> > On Sep 7, 2004, at 5:53, Hansang Bae wrote:
> >
> >> On 03:55 PM 8/31/2004, Neil wrote:
> >>> Hey guys,
> >>> I'm looking for a way for finding crc errors in TCP header just like how
> >>> it was mentioned here,
> >>> http://www.networkuptime.com/tips/crc_in_tcp/index.html
> >>> Unfortunately, it is not for Ethereal. So how do we search CRC problems
> >>> in Ethereal? Can someone walk me through please?
> >>
> >> Are you looking for Ethernet checksum information or TCP crc info?
> >> Unless you have a) a hub based network or b) Cabletron switches, you will
> >> not be able to capture Ethernet checksum issues.  All the switches that I
> >> worked with will not pass along damaged Ethernet frames.  Cabletron was
> >> the exception.
> >>
> >> hsb
> >>
> >> _______________________________________________
> >> Ethereal-users mailing list
> >> Ethereal-users@xxxxxxxxxxxx
> >> http://www.ethereal.com/mailman/listinfo/ethereal-users
> >>
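
The filtering asked for in the reply above can also be done outside Ethereal: the Python code below reads a classic libpcap file, recomputes the IPv4 header and TCP checksums, and lists the frames that fail. It is an added example, not part of the original thread or of Ethereal; the function names and the sample frames (192.0.2.x addresses) are constructed for illustration, and Ethernet II framing is assumed.

```python
import struct

def csum16(data: bytes) -> int:
    """RFC 1071 Internet checksum over data (padded to a 16-bit boundary)."""
    data += b"\x00" * (len(data) % 2)
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)    # fold carries back in
    return ~total & 0xFFFF

def check_frame(frame: bytes) -> dict:
    """Return {'ip_ok': bool, 'tcp_ok': bool}; a key is absent when not checkable."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return {}                                   # not IPv4 in Ethernet II
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    total_len, _, frag = struct.unpack("!HHH", ip[2:8])
    result = {"ip_ok": csum16(ip[:ihl]) == 0}       # a valid header sums to zero
    if ip[9] == 6 and total_len <= len(ip) and not frag & 0x3FFF:  # whole TCP segment
        seg = ip[ihl:total_len]                     # drops any Ethernet padding
        pseudo = ip[12:20] + struct.pack("!BBH", 0, 6, len(seg))
        result["tcp_ok"] = csum16(pseudo + seg) == 0
    return result

def read_pcap(blob: bytes):
    """Yield captured frames from a classic libpcap file (not pcapng)."""
    end = "<" if blob[:4] == b"\xd4\xc3\xb2\xa1" else ">"   # byte order from magic
    off = 24                                        # skip the global header
    while off + 16 <= len(blob):
        incl = struct.unpack_from(end + "I", blob, off + 8)[0]  # captured length
        yield blob[off + 16:off + 16 + incl]
        off += 16 + incl

def bad_checksum_frames(blob: bytes) -> list:
    """1-based numbers of frames whose IP or TCP checksum does not verify."""
    return [n for n, f in enumerate(read_pcap(blob), 1) if False in check_frame(f).values()]

def build_frame(payload: bytes, break_tcp: bool = False) -> bytes:
    """Constructed sample frame (Ethernet/IPv4/TCP); break_tcp corrupts the TCP checksum."""
    src, dst = bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2])
    tcp = struct.pack("!HHIIBBHHH", 1025, 80, 1, 0, 0x50, 0x18, 1024, 0, 0) + payload
    c = csum16(src + dst + struct.pack("!BBH", 0, 6, len(tcp)) + tcp)
    tcp = tcp[:16] + struct.pack("!H", c ^ (0x0101 if break_tcp else 0)) + tcp[18:]
    ip = struct.pack("!BBHHHBBH", 0x45, 0, 20 + len(tcp), 1, 0, 64, 6, 0) + src + dst
    ip = ip[:10] + struct.pack("!H", csum16(ip)) + ip[12:]
    return b"\x00" * 12 + b"\x08\x00" + ip + tcp

FRAMES = [build_frame(b"GET /"), build_frame(b"crafted", True), build_frame(b"ok")]
SAMPLE = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1) + b"".join(
    struct.pack("<IIII", 0, 0, len(f), len(f)) + f for f in FRAMES)  # constructed pcap
```

Calling `bad_checksum_frames(SAMPLE)` returns the frame numbers to look at; inverting the test gives the frames with good checksums. Frames captured on the sending host with checksum offload enabled carry unfilled TCP checksums and will be listed even though the packets were valid on the wire.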