I want to apply only filters such as Bad TCP, Checksum errors, ICMP errors for Wireshark. How can I achieve this?

asked 29 Apr '15, 12:07 Devendra, edited 29 Apr '15, 12:23
One Answer:
ICMP should be easy, just filter away echo request and reply (type 8 and 0). Unless you have funky stuff like address mask/timestamp requests, that should only show problems. The best filter for this is
Filtering for checksum errors doesn't make sense because you won't be able to capture real packets with checksum errors. They'd be dropped by your network card before you ever see them. See this blog post for more details: https://blog.packet-foo.com/2013/05/capturing-damaged-frames/

For bad TCP you could try to work with the filter
answered 29 Apr '15, 12:17 Jasper
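The ICMP approach from the answer above, as an added example that is not part of the original answer: it drops echo request and reply by type, then labels what remains so that the timestamp and address mask caveat is visible. The function names and the sample messages are hypothetical and constructed here; the type numbers are the standard ICMPv4 assignments.

```python
import struct

# ICMPv4 type numbers (standard IANA assignments).
ECHO_REPLY, ECHO_REQUEST = 0, 8
QUERIES = {13: "timestamp request", 14: "timestamp reply",
           17: "address mask request", 18: "address mask reply"}
ERRORS = {3: "destination unreachable", 5: "redirect",
          11: "time exceeded", 12: "parameter problem"}


def icmp_type(message: bytes) -> int:
    """Return the type field of a raw ICMPv4 message (header is 8 bytes)."""
    if len(message) < 8:
        raise ValueError("truncated ICMP header")
    msg_type, _code, _checksum = struct.unpack("!BBH", message[:4])
    return msg_type


def passes_simple_filter(message: bytes) -> bool:
    """The answer's approach: drop echo request (8) and echo reply (0)."""
    return icmp_type(message) not in (ECHO_REQUEST, ECHO_REPLY)


def classify(message: bytes) -> str:
    """Label a message so non-error traffic that passes the filter stands out."""
    t = icmp_type(message)
    if t in (ECHO_REQUEST, ECHO_REPLY):
        return "echo (filtered out)"
    if t in ERRORS:
        return "error: " + ERRORS[t]
    if t in QUERIES:
        return "not an error: " + QUERIES[t]
    return "other (type %d)" % t


def build(msg_type: int, code: int = 0) -> bytes:
    """Constructed sample: 8-byte ICMP header, checksum field left as zero."""
    return struct.pack("!BBHI", msg_type, code, 0, 0)


# Constructed sample traffic, not taken from a real capture.
SAMPLES = [build(8), build(0), build(3, 1), build(11), build(13), build(17)]

if __name__ == "__main__":
    for msg in SAMPLES:
        if passes_simple_filter(msg):
            print(classify(msg))
```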