Wireshark
the world's foremost network protocol analyzer
Wireshark-users: Re: [Wireshark-users] TCP checksum off-by-one errors?
From: "netztier@xxxxxxxxxx" <netztier@xxxxxxxxxx>
Date: Wed, 4 Mar 2009 09:54:56 +0000 (GMT)
Hi all >- Any ideas why having the firewall in place makes a difference? I >presume that the checksum can be calculated from the single packet - so >when I receive packets with wrong checksums, the problem must be on the >remote end or the path from it to me. Who sent or what has been sent >before should not make a difference... Cisco Firewalls (and others) perform randomization and rewriting of initial TCP sequence numbers, therefore, they have to recalculate the UDP or TCP checksum as well. Try the keyword "norandomseq" in the nat/global or static statements that relate to this connection and see if it makes a difference. >- Have you seen something like this before? How could I proceed? I've had the problem with a Cisco FWSM (Firewall Service Module, essentially a PIX-in-a-Cat6500-module) and while "fixup protocol dns" was active. The first udp packet of an outbound DNS lookup would have a wrong UDP checksum, and was refused by the remote DNS server that had UDP checksum verification activated. regards Marc
- Follow-Ups:
- Re: [Wireshark-users] TCP checksum off-by-one errors?
- From: Matthias Pigulla
- Re: [Wireshark-users] TCP checksum off-by-one errors?
- Prev by Date: Re: [Wireshark-users] Duplicate ACK
- Next by Date: [Wireshark-users] Book about Wireshark
- Previous by thread: [Wireshark-users] TCP checksum off-by-one errors?
- Next by thread: Re: [Wireshark-users] TCP checksum off-by-one errors?
- Index(es):