Tool 11: Sniff and verify checksums

Description:

  This tool sniffs and verify checksums (IP header, TCP, UDP, etc.).
  If a bad checksum is encountered, it is displayed along with the
  expected value.
  
  Parameter --device indicates on which device to sniff. Please note
  that under some systems, such as Windows, sniffing on some devices is
  not supported.
  Parameter --filter defines the sniff filter. It permits to restrict
  captured packets. This kind of filter is named a BPF or pcap filter.
  Basic elements of a filter are:
    host 1.2.3.4
    net 192.168.10
    net 192.168.10.0 mask 255.255.255.0
    net 192.168.10.0/24
    port 21
    dst host 1.2.3.4
    src port 2345
    ether host a:b:c:d:e:f ('ether a:b:c:d:e:f' is not working)
    ether src aa:bb:cc:dd:ee:ff
    ip
    arp
    rarp
    tcp
    icmp
    udp
  Here are filter examples:
    "host 1.2.3.4"
    "net 192.168 and icmp"
    "host 1.2.3.4 or dst port 80"
    "(udp or tcp) and not host 1.2.3.4"
  Parameter --rawip indicates to ignore Ethernet/link layer, and start
  displaying at IP header.
  Parameter --ipreas tries to reassemble IP packets. This might miss
  packets.
   

Usage:

  netwox 11 [-d device] [-f filter] [-r|+r] [-i|+i]

Parameters:

parameter description example
-d|--device device device name Eth0
-f|--filter filter pcap filter  
-r|--rawip|+r|--no-rawip sniff at IP level  
-i|--ipreas|+i|--no-ipreas reassemble IP packets  

Example:

  netwox 11