sensepost / DET

(extensible) Data Exfiltration Toolkit (DET)

Truncated TCP Payloads

ryanohoro opened this issue

The TCP plugin contains a bug where, if the size of the data sent (as specified by max_bytes_read) exceeds 249 (or lower for large files), the double hex encoding causes the TCP packet data to exceed 1024 bytes, which is what is specified in the tcp.py file as the number of bytes to be read from the socket. The remaining bytes are lost in the subsequent read, resulting in missing bytes and a checksum failure.

data = connection.recv(1024)

Where:

max_bytes_read=250
min_bytes_read=250
[2016-03-12.06:01:28] [tcp] Sending 514 bytes to 127.0.0.1

[2016-03-12.06:01:28] [tcp] Received 1024 bytes
[2016-03-12.06:01:28] Received 512 bytes
[2016-03-12.06:01:28] [tcp] Received 4 bytes

Additionally, det.py fails to log corrupted files due to an argument error in warning(), which takes one argument, but two are supplied.

warning("File %s corrupt!" % fname, True)

The TCP recv() value should be something large like 65535 and the argument error should be corrected.
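
The truncation reported above, reproduced over a local socket pair, next to a length-prefixed receive loop that does not depend on the recv() buffer size. This is an added example, not code from DET or from the pull request mentioned in this thread; the 4-byte length prefix, the helper names and the 1028-byte payload are assumptions constructed for illustration.

```python
import socket
import struct

PAYLOAD = b"A" * 1028  # constructed sample: 4 bytes more than a 1024-byte read

def single_recv(payload, bufsize=1024):
    """One recv() per message, as in the issue: returns (first, leftover) sizes."""
    tx, rx = socket.socketpair()
    try:
        tx.sendall(payload)
        tx.shutdown(socket.SHUT_WR)  # so the second recv() cannot block
        first = rx.recv(bufsize)     # capped at bufsize, the tail stays queued
        rest = rx.recv(bufsize)      # tail shows up as a separate read
        return len(first), len(rest)
    finally:
        tx.close()
        rx.close()

def recv_exact(sock, n):
    """Loop until exactly n bytes are read; recv() may return fewer."""
    buf = bytearray()
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed after %d of %d bytes" % (len(buf), n))
        buf.extend(chunk)
    return bytes(buf)

def send_framed(sock, payload):
    """Prefix the payload with its length as a 4-byte big-endian integer."""
    sock.sendall(struct.pack("!I", len(payload)) + payload)

def recv_framed(sock, max_len=1 << 20):
    """Read one length-prefixed message, rejecting oversized length fields."""
    (length,) = struct.unpack("!I", recv_exact(sock, 4))
    if length > max_len:
        raise ValueError("declared length %d exceeds limit %d" % (length, max_len))
    return recv_exact(sock, length)

def framed_roundtrip(payload):
    """Send one framed message through a socket pair and read it back whole."""
    tx, rx = socket.socketpair()
    try:
        send_framed(tx, payload)
        return recv_framed(rx)
    finally:
        tx.close()
        rx.close()
```

TCP delivers a byte stream, so a single recv() can return less than one sender-side message whatever buffer size is passed; the receive loop removes that dependence.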

commented

Fixed with pull request #2. Thanks a lot for your contribution, @ryanohoro.