MoonPoint Support Logo


Shop Amazon Warehouse Deals - Deep Discounts on Open-box and Used ProductsAmazon Warehouse Deals

Advanced Search
Sun Mon Tue Wed Thu Fri Sat
12 13
14 15 16 17 18 19 20
21 22 23 24 25 26 27
28 29 30 31      
JulAug Sep
Oct Nov Dec

Sat, Dec 10, 2016 8:25 pm

tcpdump bad udp cksum 0x431e message

While troubleshooting a problem with Domain Name System (DNS) lookups on a CentOS 7 system, I ran tcpdump using the -vv option to get very verbose output. The output from tcpdump showed many "bad udp cksum 0x431b" messages.

# tcpdump -i enp1s4 -vv port 53
tcpdump: listening on enp1s4, link-type EN10MB (Ethernet), capture size 65535 by
15:04:44.432784 IP (tos 0x0, ttl 64, id 18564, offset 0, flags [DF], proto UDP (
17), length 75) > [bad udp cksum 0x431e -> 0x9f9d
!] 29085+ A? (47)
15:04:44.433856 IP (tos 0x0, ttl 64, id 21529, offset 0, flags [DF], proto UDP (
17), length 73)

As explained at UDP / TCP Checksum errors from tcpdump & NIC Hardware Offloading by Sokratis Galiatsis "This is caused because you have checksum offloading on your network card (NIC) and tcpdump reads IP packets from the Linux kernel right before the actual checksum takes place in the NIC’s chipset. That’s why you only see errors in tcpdump and your network traffic works ok."

[ More Info ]

[/os/unix/programs/network/tcpdump] permanent link

Sun, Jun 12, 2016 10:58 pm

Using tcpdump to monitor connectivity to a host excluding a port

There are occasions where I need to monitor all traffic between two hosts with tcpdump, but I want to exclude the traffic for a particular port. E.g., I may be logged into a system via Secure Shell (SSH), but don't want to have the output of tcpdump cluttered with the SSH traffic. If you want to view traffic between the host you are logged into and a remote system, you can specify the remote system using tcpcump host remote_host where remote_host is the fully qualified domain name (FQDN) of the remote system, e.g., or the IP address of the remote system. You can monitor only traffic to/from a particular port using the port port_number parameter where port_number is the relevant port. E.g., if I wanted to monitor only SSH traffic with the host for the standard SSH port, port 22, I could use the command below:
# tcpdump host and port 22

If you wish to have tcpdump monitor traffic based on two parameters, e.g., host name and port number in the example above, put the word and between the parameters. However, if I wanted to monitor all traffic to/from, except for traffic using port 22, I can put not before the word port.

# tcpdump host and not port 22

[/os/unix/programs/network/tcpdump] permanent link

Valid HTML 4.01 Transitional

Privacy Policy   Contact

Blosxom logo