diff --git a/scripts/base/init-default.bro b/scripts/base/init-default.bro
index 91011738d1..566a59808a 100644
--- a/scripts/base/init-default.bro
+++ b/scripts/base/init-default.bro
@@ -41,3 +41,5 @@
 @load base/protocols/ssh
 @load base/protocols/ssl
 @load base/protocols/syslog
+
+@load base/misc/find-checksum-offloading
\ No newline at end of file
diff --git a/scripts/base/misc/find-checksum-offloading.bro b/scripts/base/misc/find-checksum-offloading.bro
new file mode 100644
index 0000000000..25ae30eea7
--- /dev/null
+++ b/scripts/base/misc/find-checksum-offloading.bro
@@ -0,0 +1,57 @@
+##! Discover cases where the local interface was sniffed and outbound packets
+##! had checksum offloading.  Load this script to receive a notice if it's 
+##! likely that checksum offload effects are being seen on a live interface or 
+##! in a packet trace file.
+
+@load base/frameworks/notice
+
+module ChecksumOffloading;
+
+export {
+	## The interval which is used for checking packet statistics 
+	## to see if checksum offloading is affecting analysis.
+	const check_interval = 10secs &redef;
+}
+
+# Keep track of how many bad checksums have been seen.
+global bad_checksums = 0;
+# Track to see if this script is done so that messages aren't created multiple times.
+global done = F;
+
+
+event ChecksumOffloading::check()
+	{
+	if ( done ) 
+		return;
+	
+	local pkts_recvd = net_stats()$pkts_recvd;
+	if ( (bad_checksums*1.0 / net_stats()$pkts_recvd*1.0) > 0.05 )
+		{
+		local packet_src = reading_traces() ? "trace file likely has" : "interface is likely receiving";
+		local message = fmt("Your %s invalid IP checksums, most likely from NIC checksum offloading.", packet_src);
+		Reporter::warning(message);
+		done = T;
+		}
+	else if ( pkts_recvd < 20 )
+		{
+		# Keep scheduling this event until we've seen some lower threshold of 
+		# total packets.
+		schedule check_interval { ChecksumOffloading::check() };
+		}
+	}
+
+event bro_init()
+	{
+	schedule check_interval { ChecksumOffloading::check() };
+	}
+
+event net_weird(name: string)
+	{
+	if ( name == "bad_IP_checksum" )
+		++bad_checksums;
+	}
+
+event bro_done()
+	{
+	event ChecksumOffloading::check();
+	}
\ No newline at end of file