Wireshark-dev: Re: [Wireshark-dev] Problem with tcp_dissect_pdus
From: Gerhard Gappmeier <[email protected]>
Date: Thu, 13 Jul 2006 15:50:59 +0200
HI Ulf,

thanks, now I understand the problem.
BTW, my linux box has the same feature as Win XP.

mit freundlichen Grüßen / best regards

Gerhard Gappmeier
ascolab GmbH - automation system communication laboratory
Tel.: +49 9131 691 123
Fax: +49 9131 691 128
Web: http://www.ascolab.com
GPG-Key: http://www.ascolab.com/gpg/gg.asc

Ulf Lamping schrieb:
After disabling the check of the TCP checksum it works.

Can anybody explain this behaviour?
That looks like a bug for me.

See http://www.wireshark.org/docs/wsug_html_chunked/ChAdvChecksums.html about checksum offloading in general. Windows XP machines will usually use checksum offloading (if the driver supports it, and it usually does).

The reassembling code won't "see" packets that contain wrong checksums, to avoid "poisoning" the internal reassembly "database". Keep in mind, that the reassembling code was written before checksum offloading become common, so this was ok at that time.

If you switch off checksum checks, reassembling will "see" all packets.

Well, this is not a bug in the common sense (the code does what's intended). However, with current Windows systems (and when I remember right some Unixes use offloading too), it's questionable if this is the best way to handle this ...

Regards, ULFL
Verschicken Sie romantische, coole und witzige Bilder per SMS!
Jetzt bei WEB.DE FreeMail: http://f.web.de/?mc=021193

Wireshark-dev mailing list
[email protected]