All Questions
2 questions
3 votes, 2 answers, 13k views
tcpdump packets have bad and incorrect checksums on localhost, how to investigate further?
Am investigating a macOS Catalina machine that is believed to be infected with malware. Have been viewing packets with tcpdump and noticed, on connecting to any web address, there are legit packet ...
13 votes, 1 answer, 9k views
Wireshark tcp filter: tcp[((tcp[12:1] & 0xf0) >> 2):4]
While reading this doc https://wiki.wireshark.org/CaptureFilters I found this line:
tcp[((tcp[12:1] & 0xf0) >> 2):4]
which figures out the TCP Header Length, but I can't find out how it ...