I'm in need of some advice. I have a TCP dump for which I need to write my own custom sniffer to detect any corrupt TCP packets. The tcpdump contains packets that I have modified to hide hidden data. This has been done by using a kernel module and protocol type handler (to clone the packet) to insert ("hidden") data into the checksum field.
Can anyone give me some advice on how I can design a program to detect this? Could I use libpcap? (I'm using Linux Ubuntu.)
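
One way to approach the check asked about above, as an added example that is not part of the original post: recompute the TCP checksum over the IPv4 pseudo-header and the segment, and flag any packet whose checksum field does not match. The function names and the sample packet are constructed for illustration; in a libpcap program the buffer would be the captured packet data with the link-layer header skipped.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* RFC 1071 one's-complement sum over big-endian 16-bit words; an odd byte is zero-padded. */
static uint32_t sum16(const uint8_t *p, size_t len, uint32_t acc) {
    for (; len > 1; p += 2, len -= 2) acc += (uint32_t)p[0] << 8 | p[1];
    if (len) acc += (uint32_t)p[0] << 8;
    return acc;
}

/* ip points at the IPv4 header (link-layer header already skipped).
 * Returns 1 = checksum valid, 0 = mismatch, -1 = cannot be verified. */
int tcp_checksum_ok(const uint8_t *ip, size_t caplen) {
    if (caplen < 20 || (ip[0] >> 4) != 4 || ip[9] != 6) return -1;
    if ((ip[6] & 0x3f) || ip[7]) return -1;            /* IP fragment */
    size_t ihl = (size_t)(ip[0] & 0x0f) * 4;
    size_t total = (size_t)ip[2] << 8 | ip[3];
    if (ihl < 20 || total < ihl + 20 || total > caplen) return -1; /* malformed or cut by snaplen */
    size_t tcplen = total - ihl;
    uint32_t acc = sum16(ip + 12, 8, 0);               /* pseudo-header: source and destination address */
    acc += 6 + (uint32_t)tcplen;                       /* pseudo-header: protocol number and TCP length */
    acc = sum16(ip + ihl, tcplen, acc);                /* TCP header (checksum field included) and payload */
    while (acc >> 16) acc = (acc & 0xffff) + (acc >> 16);
    return acc == 0xffff;
}

/* Constructed sample: SYN from 192.0.2.1:12345 to 192.0.2.2:80, correct TCP checksum 0xdb54.
 * The IPv4 header checksum is left as zero because it is not examined here. */
static const uint8_t SAMPLE_PKT[40] = {
    0x45,0x00,0x00,0x28, 0x00,0x01,0x00,0x00, 0x40,0x06,0x00,0x00,
    0xc0,0x00,0x02,0x01, 0xc0,0x00,0x02,0x02,
    0x30,0x39,0x00,0x50, 0x00,0x00,0x00,0x01, 0x00,0x00,0x00,0x00,
    0x50,0x02,0x20,0x00, 0xdb,0x54,0x00,0x00 };

/* Re-check the sample with its checksum field (TCP offset 16) overwritten by two bytes. */
int check_sample_with(uint8_t hi, uint8_t lo) {
    uint8_t pkt[sizeof SAMPLE_PKT];
    memcpy(pkt, SAMPLE_PKT, sizeof pkt);
    pkt[36] = hi; pkt[37] = lo;
    return tcp_checksum_ok(pkt, sizeof pkt);
}

int main(void) {
    printf("original: %d\n", tcp_checksum_ok(SAMPLE_PKT, sizeof SAMPLE_PKT));
    printf("checksum overwritten with \"HI\": %d\n", check_sample_with('H', 'I'));
    return 0;
}
```

Captures taken on the sending host with TX checksum offload enabled commonly show wrong checksums on legitimate outgoing packets, so a mismatch on its own is an indicator rather than proof.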