From owner-freebsd-net Fri Jul 12 12:34: 2 2002 Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 37C3C37B400 for ; Fri, 12 Jul 2002 12:33:59 -0700 (PDT) Received: from rerun.avayactc.com (rerun.avayactc.com [199.93.237.2]) by mx1.FreeBSD.org (Postfix) with ESMTP id 3ADFF43E75 for ; Fri, 12 Jul 2002 12:33:58 -0700 (PDT) (envelope-from mcambria@avaya.com) Received: by rerun.avayactc.com with Internet Mail Service (5.5.2653.19) id <3YWRQQXW>; Fri, 12 Jul 2002 15:33:55 -0400 Message-ID: <3A6D367EA1EFD4118C9B00A0C9DD99D7065A40@rerun.avayactc.com> From: "Cambria, Mike" To: "'Andrew R. Reiter'" , "Cambria, Mike" Cc: 'Jonathan Lemon' , "'freebsd-net@freebsd.org'" Subject: RE: xl checksum and dsniff Date: Fri, 12 Jul 2002 15:33:54 -0400 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-Type: text/plain; charset="iso-8859-1" Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org > -----Original Message----- > From: Andrew R. Reiter [mailto:arr@watson.org] > :Next I'll try to track down if this is this a libnet problem, libnids > :problem or dsniff problem, so I know which project I need to inform. > > IIRC, the problem is BPF b/c it doesn't know the checksum since the > calculation was offloaded, no? Possibly, or perhaps libpcap? Now that I know checksum offload is indeed involved, I booted the original kernel and poked around. Using dsniff -c, dsniff was able to see packets received just fine. The half of the session sent is what dsniff can't track. Packets received, although tcpdump shows "bad checksum", are seen by dsniff just fine. I expected it to be the other way around. MikeC To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message