Hi,
I did some research to tcp-checksum 0xffff. This checksum should not
appear in tcp-headers. RFC 1624 explains that it can be generated
by a (not-so-good) algorythm for incremental updates to the tcp-checksum
(after NAT for example). The RFC advises systems to validate the
checksum according to RFC 1071 (which will treat the checksum as
valid). Wireshark indeeds uses the method from RFC 1071.
However, some systems just calculate the checksum and then compare
it to the checksum in the packet. This results is a bad checksum
(0x0000 != 0xffff) and the packet will be dropped.
To enhance troubleshooting this situations I wrote a patch that
displayes the checksum as follows:
Checksum: 0xffff [incorrect, should be 0x0000 (maybe caused by "Incremental update"? See RFC 1624.)]
Could someone review this patch (which is attached to bugzilla)?
Cheers,
Sake
