ANNOUNCEMENT: Live Wireshark University & Allegro Packets online APAC Wireshark Training Session
July 17th, 2024 | 10:00am-11:55am SGT (UTC+8) | Online
Wireshark logo

Ethereal-users: [Ethereal-users] FW: IP Header Checksum 0x0000

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: "chad scoville" <chad@xxxxxxxxxxxxxxxx>
Date: Thu, 10 Aug 2006 13:56:25 +0000
-------------------
The Ethereal project is being continued at a new site.  Please go to
http://www.wireshark.org and subscribe to wireshark-users@xxxxxxxxxxxxx.
Don't forget to unsubscribe from this list at
http://www.ethereal.com/mailman/listinfo/ethereal-users
-------------------
hi,

if all three packets are from the same source, it looks like there is no 3way handshake
the source keeps sending a SYN to the destination - the destination should be replying with a SYN to establish the TCP connection before data transmission can begin

I would sniff the cxn to the destination server and see if (1) the syn is received from your source, and (2) if it is, then if a SYN/ACK is sent by the destination back to your source.

somewhere along the path between src and dest there are pkts being dropped it appears

again, unless you have a syn, syn, ack then there is no data transmitted when utilizing TCP as a layer 4 protocol


ethereal-users-bounces@xxxxxxxxxxxx wrote on 08/10/2006 09:27:09 AM:

> -------------------
> The Ethereal project is being continued at a new site. Please go to
> http://www.wireshark.org and subscribe to wireshark-users@xxxxxxxxxxxxx.
> Don't forget to unsubscribe from this list at
> http://www.ethereal.com/mailman/listinfo/ethereal-users
> -------------------
>
>
>
> From: Beasley, Alicia Ms CTR US DISA CDM2
> Sent: Tuesday, August 08, 2006 10:22
> To: 'ethereal-users@xxxxxxxxxxxx'
> Cc: Robinson, Donald F Mr CTR US DISA CDM3
> Subject: IP Header Checksum 0x0000

> Ethereal,
> I am troubleshooting an issue involving a smtp connection from
> our exchange server on one network to an Ironport Mail Relay. The
> problem is that email will start building up in the mail queue on
> the exchange server and during this time I don't see any packets
> traverse between the two devices on the network. An ethereal
> capture taken on the exchange server itself shows one difference at
> the time right before the mail stops flowing. I have attached three
> packets with 0x0000 IP header checksum.
> Can someone explain to me what this means? After these three
> packets, there are no packets for about 60 seconds and then a new
> session starts and mail starts flowing again.
>
>
> Alicia D. Beasley
> Systems Analyst II
> Central Communications Center (CCC)
> DISA Montgomery
>
> [attachment "exchange-checksum.txt" deleted by Chad Scoville/db/dbcom]
> _______________________________________________
> Ethereal-users mailing list
> Ethereal-users@xxxxxxxxxxxx
> http://www.ethereal.com/mailman/listinfo/ethereal-users

_______________________________________________
Ethereal-users mailing list
Ethereal-users@xxxxxxxxxxxx
http://www.ethereal.com/mailman/listinfo/ethereal-users
Wireshark logo footer

© Wireshark Foundation · Privacy Policy

Facebook·Mastodon·Twitter·YouTube