Wireshark-users: Re: [Wireshark-users] TCP checksum off-by-one errors?

From: "Anders Broman" <anders.broman@xxxxxxxxxxxx>
Date: Wed, 4 Mar 2009 17:33:43 +0100

Hi,
What version of WS are you using (1.0.6?), any relation to this bug
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3112 ?
Regards
Anders 

-----Original Message-----
From: wireshark-users-bounces@xxxxxxxxxxxxx
[mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of
netztier@xxxxxxxxxx
Sent: den 4 mars 2009 17:17
To: wireshark-users@xxxxxxxxxxxxx
Subject: Re: [Wireshark-users] TCP checksum off-by-one errors?

Hi Matthias

>Both observations you described seem to deal with the firewall sending 
>wrong checksums. In my case the received packets are wrong.

Well - the way you decribed the problem lead me to believe that there is
a firewall in the path between sender and receiver. And if this firewall
does NAT and/or Initial Sequence Number randomization, it will also have
to rewrite the checksum so that the checksum is valid for the rewritten
packet. That process might be faulty, hence the firewall would actually
be the source and cause of the invalid checksum values.

Are you able to sniff out these packets on both sides of the firewall
and compare them to each other in W'shark?

regards

Marc

________________________________________________________________________
___
Sent via:    Wireshark-users mailing list
<wireshark-users@xxxxxxxxxxxxx>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
 
mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe