Ethereal-dev: Re: [Ethereal-dev] Incorrect TCP checksums

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: "Olivier Biot" <ethereal@xxxxxxxxxx>
Date: Fri, 4 Jun 2004 20:55:54 +0200

Hello Stuart,

This issue has been discussed a lot and has even been incorporated in
the Ethereal FAQ: http://www.ethereal.com/faq.html#q5.14

<start>
Q 5.14: Why am I seeing lots of packets with incorrect TCP checksums?
A: If the packets that have incorrect TCP checksums are all being sent
by the machine on which Ethereal is running, this is probably because
the network interface on which you're capturing does TCP checksum
offloading. That means that the TCP checksum is added to the packet by
the network interface, not by the OS's TCP/IP stack; when capturing on
an interface, packets being sent by the host on which you're capturing
are directly handed to the capture interface by the OS, which means
that they are handed to the capture interface without a TCP checksum
being added to them.

The only way to prevent this from happening would be to disable TCP
checksum offloading, but

  1. that might not even be possible on some OSes;
  2. that could reduce networking performance significantly.

However, you can disable the check that Ethereal does of the TCP
checksum, so that it won't report any packets as having TCP checksum
errors, and so that it won't refuse to do TCP reassembly due to a
packet having an incorrect TCP checksum. That can be set as an
Ethereal preference by selecting "Preferences" from the "Edit" menu,
opening up the "Protocols" list in the left-hand pane of the
"Preferences" dialog box, selecting "TCP" from that list, turning off
the "Check the validity of the TCP checksum when possible" option,
clicking "Save" if you want to save that setting in your preference
file, and clicking "OK".
It can also be set on the Ethereal or Tethereal command line with a -o
tcp.check_checksum:false command-line flag, or manually set in your
preferences file by adding a tcp.check_checksum:false line.

<end>
Hope this helps!

Regards,

Olivier

----- Original Message ----- 
From: "Stuart MacDonald" <stuartm@xxxxxxxxxxxxxxx>
To: <ethereal-dev@xxxxxxxxxxxx>
Sent: Friday, June 04, 2004 8:33 PM
Subject: [Ethereal-dev] Incorrect TCP checksums


| Ethereal: 0.10.4
| Interface: GTK2
| OS: Windows XP
|
| I'm getting a lot of, but not all, packets with an incorrect TCP
| checksum reported.
|
| I think this is a bug in Ethereal, but am not 100%.
|
| Older traces I had saved also show up incorrect checksums, but I may
| not have noticed them before, not having the [] in the packet list to
| notify me.
|
| Simultaneous captures (both attached) show incorrect for the capture
| from the machine ethereal was on, but correct for the tcpdump from my
| linux box, although I used the same ethereal to look at the tcpdump.
|
| Anyone else seeing this?
|
| As always, available to do more testing, etc.
|
| ..Stu
|
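
The FAQ answer's rule, that bad TCP checksums point to offloading only when the packets were sent by the capturing machine, can be checked mechanically. The sketch below is an added example, not part of the original thread or of Ethereal's code; the addresses, segment contents and function names are constructed for illustration.

```python
import socket
import struct

CSUM_OFF = 16  # byte offset of the checksum field in the TCP header

def fold_sum(data: bytes) -> int:
    """16-bit one's-complement sum (RFC 1071); odd length is zero-padded."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total

def tcp_checksum(src: str, dst: str, segment: bytes) -> int:
    """Expected checksum: IPv4 pseudo-header plus segment with the field zeroed."""
    pseudo = socket.inet_aton(src) + socket.inet_aton(dst)
    pseudo += struct.pack("!BBH", 0, 6, len(segment))  # 6 = TCP protocol number
    zeroed = segment[:CSUM_OFF] + b"\x00\x00" + segment[CSUM_OFF + 2:]
    return ~fold_sum(pseudo + zeroed) & 0xFFFF

def classify(src, dst, segment, local_addrs):
    """A bad checksum is consistent with offloading only if this host sent it."""
    stored = struct.unpack_from("!H", segment, CSUM_OFF)[0]
    if stored == tcp_checksum(src, dst, segment):
        return "valid"
    if src in local_addrs:
        return "bad-local-sender"   # consistent with checksum offloading
    return "bad-remote-sender"      # not explained by offloading on this host

def build_segment(src, dst, payload, stale=False):
    """Constructed sample segment; ports, sequence numbers and flags are arbitrary."""
    seg = struct.pack("!HHIIBBHHH", 1025, 80, 1, 1, 5 << 4, 0x18, 8192, 0, 0)
    seg += payload
    good = tcp_checksum(src, dst, seg)
    # stale=True stores a value guaranteed to differ from the right one; it stands
    # in for whatever the OS left in the field for the NIC to fill in later.
    value = good ^ 0xFFFF if stale else good
    return seg[:CSUM_OFF] + struct.pack("!H", value) + seg[CSUM_OFF + 2:]

HOST = "192.0.2.10"      # constructed: address of the capturing machine
PEER = "198.51.100.7"    # constructed: remote peer
DATA = b"GET / HTTP/1.0\r\n\r\n"

def demo():
    sent = build_segment(HOST, PEER, DATA, stale=True)      # captured before the NIC
    received = build_segment(PEER, HOST, DATA)              # arrived intact
    damaged = build_segment(PEER, HOST, DATA, stale=True)   # arrived with a bad sum
    return [classify(HOST, PEER, sent, {HOST}),
            classify(PEER, HOST, received, {HOST}),
            classify(PEER, HOST, damaged, {HOST})]
```

A capture where the only failures fall in the local-sender bucket matches the offloading explanation; failures on received packets are not covered by it and remain worth a closer look before the check is switched off.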

