Ethereal-users: [Ethereal-users] IP Header Checksum 0x0000
Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.
From: "Beasley, Alicia Ms CTR US DISA CDM2" <Alicia.Beasley@xxxxxxxxxxxx>
Date: Tue, 8 Aug 2006 10:21:56 -0500
------------------- The Ethereal project is being continued at a new site. Please go to http://www.wireshark.org and subscribe to wireshark-users@xxxxxxxxxxxxx. Don't forget to unsubscribe from this list at http://www.ethereal.com/mailman/listinfo/ethereal-users -------------------
Ethereal,
I
am troubleshooting an issue involving a smtp connection from our exchange server
on one network to an Ironport Mail Relay. The problem is that email will
start building up in the mail queue on the exchange server and during this time
I don't see any packets traverse between the two devices on the network.
An ethereal capture taken on the exchange server itself shows one difference at
the time right before the mail stops flowing. I have attached three
packets with 0x0000 IP header checksum.
Can someone explain
to me what this means? After these three packets, there are no packets for
about 60 seconds and then a new session starts and mail starts flowing
again.
Alicia D. Beasley
Systems Analyst II
Central Communications Center
(CCC)
DISA Montgomery
No. Time Source Destination Protocol Info
1590 108.811255 x.x.x.x y.y.y.y TCP 29453 > smtp [SYN] Seq=0 Ack=0 Win=65535 Len=0 MSS=1460
Frame 1590 (62 bytes on wire, 62 bytes captured)
Arrival Time: Aug 8, 2006 08:28:12.593030000
Time delta from previous packet: 108.811255000 seconds
Time since reference or first frame: 108.811255000 seconds
Frame Number: 1590
Packet Length: 62 bytes
Capture Length: 62 bytes
Protocols in frame: eth:ip:tcp
Ethernet II, Src: x.x.x.x (00:02:a5:4e:86:16), Dst: All-HSRP-routers_06 (00:00:0c:07:ac:06)
Destination: All-HSRP-routers_06 (00:00:0c:07:ac:06)
Source: x.x.x.x (00:02:a5:4e:86:16)
Type: IP (0x0800)
Internet Protocol, Src: x.x.x.x (x.x.x.x), Dst: y.y.y.y (y.y.y.y)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 48
Identification: 0x6981 (27009)
Flags: 0x04 (Don't Fragment)
0... = Reserved bit: Not set
.1.. = Don't fragment: Set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 128
Protocol: TCP (0x06)
Header checksum: 0x0000 [incorrect, should be 0xa442]
Source: x.x.x.x (x.x.x.x)
Destination: y.y.y.y (y.y.y.y)
Transmission Control Protocol, Src Port: 29453 (29453), Dst Port: smtp (25), Seq: 0, Ack: 0, Len: 0
Source port: 29453 (29453)
Destination port: smtp (25)
Sequence number: 0 (relative sequence number)
Header length: 28 bytes
Flags: 0x0002 (SYN)
0... .... = Congestion Window Reduced (CWR): Not set
.0.. .... = ECN-Echo: Not set
..0. .... = Urgent: Not set
...0 .... = Acknowledgment: Not set
.... 0... = Push: Not set
.... .0.. = Reset: Not set
.... ..1. = Syn: Set
.... ...0 = Fin: Not set
Window size: 65535
Checksum: 0x491f [correct]
Options: (8 bytes)
Maximum segment size: 1460 bytes
NOP
NOP
SACK permitted
***********************************************
No. Time Source Destination Protocol Info
1601 111.692413 x.x.x.x y.y.y.y TCP 29453 > smtp [SYN] Seq=0 Ack=0 Win=65535 Len=0 MSS=1460
Frame 1601 (62 bytes on wire, 62 bytes captured)
Arrival Time: Aug 8, 2006 08:28:15.474188000
Time delta from previous packet: 2.881158000 seconds
Time since reference or first frame: 111.692413000 seconds
Frame Number: 1601
Packet Length: 62 bytes
Capture Length: 62 bytes
Protocols in frame: eth:ip:tcp
Ethernet II, Src: x.x.x.x (00:02:a5:4e:86:16), Dst: All-HSRP-routers_06 (00:00:0c:07:ac:06)
Destination: All-HSRP-routers_06 (00:00:0c:07:ac:06)
Source: x.x.x.x (00:02:a5:4e:86:16)
Type: IP (0x0800)
Internet Protocol, Src: x.x.x.x (x.x.x.x), Dst: y.y.y.y (y.y.y.y)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 48
Identification: 0x7373 (29555)
Flags: 0x04 (Don't Fragment)
0... = Reserved bit: Not set
.1.. = Don't fragment: Set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 128
Protocol: TCP (0x06)
Header checksum: 0x0000 [incorrect, should be 0x9a50]
Source: x.x.x.x (x.x.x.x)
Destination: y.y.y.y (y.y.y.y)
Transmission Control Protocol, Src Port: 29453 (29453), Dst Port: smtp (25), Seq: 0, Ack: 0, Len: 0
Source port: 29453 (29453)
Destination port: smtp (25)
Sequence number: 0 (relative sequence number)
Header length: 28 bytes
Flags: 0x0002 (SYN)
0... .... = Congestion Window Reduced (CWR): Not set
.0.. .... = ECN-Echo: Not set
..0. .... = Urgent: Not set
...0 .... = Acknowledgment: Not set
.... 0... = Push: Not set
.... .0.. = Reset: Not set
.... ..1. = Syn: Set
.... ...0 = Fin: Not set
Window size: 65535
Checksum: 0x491f [correct]
Options: (8 bytes)
Maximum segment size: 1460 bytes
NOP
NOP
SACK permitted
*******************************************
No. Time Source Destination Protocol Info
1622 117.699396 x.x.x.x y.y.y.y TCP 29453 > smtp [SYN] Seq=0 Ack=0 Win=65535 Len=0 MSS=1460
Frame 1622 (62 bytes on wire, 62 bytes captured)
Arrival Time: Aug 8, 2006 08:28:21.481171000
Time delta from previous packet: 6.006983000 seconds
Time since reference or first frame: 117.699396000 seconds
Frame Number: 1622
Packet Length: 62 bytes
Capture Length: 62 bytes
Protocols in frame: eth:ip:tcp
Ethernet II, Src: x.x.x.x (00:02:a5:4e:86:16), Dst: All-HSRP-routers_06 (00:00:0c:07:ac:06)
Destination: All-HSRP-routers_06 (00:00:0c:07:ac:06)
Source: x.x.x.x (00:02:a5:4e:86:16)
Type: IP (0x0800)
Internet Protocol, Src: x.x.x.x (x.x.x.x), Dst: y.y.y.y (y.y.y.y)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 48
Identification: 0x8d01 (36097)
Flags: 0x04 (Don't Fragment)
0... = Reserved bit: Not set
.1.. = Don't fragment: Set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 128
Protocol: TCP (0x06)
Header checksum: 0x0000 [incorrect, should be 0x80c2]
Source: x.x.x.x (x.x.x.x)
Destination: y.y.y.y (y.y.y.y)
Transmission Control Protocol, Src Port: 29453 (29453), Dst Port: smtp (25), Seq: 0, Ack: 0, Len: 0
Source port: 29453 (29453)
Destination port: smtp (25)
Sequence number: 0 (relative sequence number)
Header length: 28 bytes
Flags: 0x0002 (SYN)
0... .... = Congestion Window Reduced (CWR): Not set
.0.. .... = ECN-Echo: Not set
..0. .... = Urgent: Not set
...0 .... = Acknowledgment: Not set
.... 0... = Push: Not set
.... .0.. = Reset: Not set
.... ..1. = Syn: Set
.... ...0 = Fin: Not set
Window size: 65535
Checksum: 0x491f [correct]
Options: (8 bytes)
Maximum segment size: 1460 bytes
NOP
NOP
SACK permitted
_______________________________________________ Ethereal-users mailing list Ethereal-users@xxxxxxxxxxxx http://www.ethereal.com/mailman/listinfo/ethereal-users
- Prev by Date: Re: [Ethereal-users] Help with Ethereal
- Next by Date: [Ethereal-users] How do I sniff GSM and GPRS traffic -SMS ??? please assist
- Previous by thread: Re: [Ethereal-users] Help with Ethereal
- Next by thread: [Ethereal-users] How do I sniff GSM and GPRS traffic -SMS ??? please assist
- Index(es):
- Get Wireshark
- Download
- Code of Conduct