Tool 11: Sniff and verify checksums
Description:
This tool sniffs packets and verifies their checksums (IP header, TCP,
UDP, etc.). If a bad checksum is encountered, it is displayed along
with the expected value.
Parameter --device indicates on which device to sniff. Please note
that on some systems, such as Windows, sniffing on some devices is
not supported.
Parameter --filter defines the sniff filter, which restricts the
packets that are captured. This kind of filter is named a BPF or pcap
filter.
Basic elements of a filter are:
host 1.2.3.4
net 192.168.10
net 192.168.10.0 mask 255.255.255.0
net 192.168.10.0/24
port 21
dst host 1.2.3.4
src port 2345
ether host a:b:c:d:e:f ('ether a:b:c:d:e:f' does not work)
ether src aa:bb:cc:dd:ee:ff
ip
arp
rarp
tcp
icmp
udp
Here are filter examples:
"host 1.2.3.4"
"net 192.168 and icmp"
"host 1.2.3.4 or dst port 80"
"(udp or tcp) and not host 1.2.3.4"
Parameter --rawip ignores the Ethernet/link layer and starts the
display at the IP header.
Parameter --ipreas tries to reassemble IP packets. This might miss
packets.
This tool may need to be run with admin privilege in order to sniff.
Synonyms:
capture
Usage:
netwox 11 [-d device] [-f filter] [-r|+r] [-i|+i]
Parameters:
parameter                     description             example
-d|--device device            device name             Eth0
-f|--filter filter            pcap filter
-r|--rawip|+r|--no-rawip      sniff at IP level
-i|--ipreas|+i|--no-ipreas    reassemble IP packets
Example:
netwox 11
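
The check described above (a bad checksum shown along with the expected value), worked through for the IPv4 header checksum as an added example; this is not netwox source code. The function names, the sample headers and the message wording are assumptions made for the illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* RFC 1071 Internet checksum over big-endian 16-bit words. */
static uint16_t inet_checksum(const uint8_t *data, size_t len)
{
    uint32_t sum = 0;
    for (size_t i = 0; i + 1 < len; i += 2)
        sum += ((uint32_t)data[i] << 8) | data[i + 1];
    if (len & 1)                    /* odd trailing byte is zero-padded */
        sum += (uint32_t)data[len - 1] << 8;
    while (sum >> 16)               /* fold carries into the low 16 bits */
        sum = (sum & 0xFFFF) + (sum >> 16);
    return (uint16_t)~sum;
}

/* 1 = checksum good, 0 = bad, -1 = truncated or not IPv4. */
static int check_ipv4_header(const uint8_t *pkt, size_t len,
                             uint16_t *stored, uint16_t *expected)
{
    uint8_t hdr[60];                /* maximum IPv4 header length */
    size_t ihl = len >= 20 ? (size_t)(pkt[0] & 0x0F) * 4 : 0;
    if (ihl < 20 || ihl > len || (pkt[0] >> 4) != 4)
        return -1;
    memcpy(hdr, pkt, ihl);
    *stored = (uint16_t)((pkt[10] << 8) | pkt[11]);
    hdr[10] = hdr[11] = 0;          /* field is zero while computing */
    *expected = inet_checksum(hdr, ihl);
    return *stored == *expected;
}

/* Constructed sample: 20-byte IPv4/UDP header with a valid checksum. */
static const uint8_t good_hdr[20] = {
    0x45,0x00,0x00,0x73,0x00,0x00,0x40,0x00,0x40,0x11,
    0xb8,0x61,0xc0,0xa8,0x00,0x01,0xc0,0xa8,0x00,0xc7 };
/* Same header with TTL changed (0x40 -> 0x3f) and the checksum left stale. */
static const uint8_t bad_hdr[20] = {
    0x45,0x00,0x00,0x73,0x00,0x00,0x40,0x00,0x3f,0x11,
    0xb8,0x61,0xc0,0xa8,0x00,0x01,0xc0,0xa8,0x00,0xc7 };

int main(void)
{
    uint16_t s, e;
    if (check_ipv4_header(bad_hdr, sizeof bad_hdr, &s, &e) == 0)
        printf("bad IP checksum: stored 0x%04x, expected 0x%04x\n", s, e);
    return check_ipv4_header(good_hdr, sizeof good_hdr, &s, &e) == 1 ? 0 : 1;
}
```

TCP and UDP checksums use the same one's-complement sum, but computed over a pseudo-header (addresses, protocol, length) followed by the segment, so they can only be verified on complete, reassembled data.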