Wireshark

  • Riverbed Technology
  • WinPcap
the world's foremost network protocol analyzer
  • Wireshark
    • About
    • Download
    • Blog
  • Get Help
    • Ask a Question
    • FAQs
    • Documentation
    • Mailing Lists
    • Online Tools
    • Wiki
    • Bug Tracker
  • Develop
    • Get Involved
    • Developer's Guide
    • Browse the Code
    • Latest Builds

Wireshark-users: Re: [Wireshark-users] TCP checksum off-by-one errors?

Date Index Thread Index Other Months All Mailing Lists
Date Prev Date Next Thread Prev Thread Next


From: "Matthias Pigulla" <mp@xxxxxxxxxxxxx>
Date: Wed, 4 Mar 2009 16:52:23 +0100

Hi,

> Cisco Firewalls (and others) perform randomization and rewriting of
> initial TCP sequence numbers, therefore, they
> have to recalculate the UDP or TCP checksum as well. Try the keyword
> "norandomseq" in the nat/global or static
> statements that relate to this connection and see if it makes a
> difference.

I will try. But still, when the checksum is wrong for a received packet,
doesn't that mean that there's a problem on the sender's side or path?

Both observations you described seem to deal with the firewall sending
wrong checksums. In my case the received packets are wrong.

What might be in the packets sent through the firewall that affects
checksum calculation for packets sent back?

Thanks
Matthias
  • References:
    • Re: [Wireshark-users] TCP checksum off-by-one errors?
      • From: netztier@xxxxxxxxxx
  • Prev by Date: Re: [Wireshark-users] Book about Wireshark
  • Next by Date: Re: [Wireshark-users] TCP checksum off-by-one errors?
  • Previous by thread: Re: [Wireshark-users] TCP checksum off-by-one errors?
  • Next by thread: Re: [Wireshark-users] TCP checksum off-by-one errors?
  • Index(es):
    • Date
    • Thread

Wireshark and the "fin" logo are registered trademarks of the Wireshark Foundation