tcp checksum offload and non-zero value

I have a capture taken from a CentOS 7 VM where several TCP packets show an incorrect checksum, possibly caused by "TCP checksum offloading".

There is an unusually high volume of these packets (73) for it to be legitimate, it seems. The value of this field is not zero, however.

My question is when TCP checksum offloading occurs, should this value be zeroed? If not, any ideas what happened here?

vsharker
asked 2018-11-23 19:10:44 +0000

2 Answers

Just checked some of my traces.

So I found the following. Among the packets with wrong checksum:

  • All TCP checksums I've seen are nonzero;
  • All UDP checksums I've seen are nonzero too;
  • IP checksums sometimes are zeroed, sometimes are not.

It would be nice to hear where these checksum fields are coming from. Probably it depends on the TCP stack implementation.

As for high volume I don't see any problem with that, there might be tons of such packets (basically all of the sent packets containing TCP).

Packet_vlad
answered 2018-11-23 20:26:11 +0000, updated 2018-11-24 06:12:51 +0000

Comments

@Packet_vlad you misunderstood. Of course all the packets will have checksums. That is not the issue. The TCP packets are being reported as having an INCORRECT checksum.

There is a problem if you have a high volume of packets with incorrect checksums. Furthermore, the packets were replied to which means the receiver didn't determine the checksums were invalid.

This is most likely due to TCP checksum offloading, but I was under the impression that there will be no checksum in this instance because Wireshark captures the frame before the checksum is actually computed.

vsharker (2018-11-23 23:22:35 +0000)

"No checksum" doesn't necessarily mean "checksum field is zero" - it might be that, when transmitting packets on an interface that does checksumming of outgoing IP/TCP or IP/UDP packets, the networking stack not only doesn't bother generating a checksum, it doesn't even bother zeroing out the checksum fields, leaving whatever junk was there in memory.

Guy Harris (2018-11-23 23:58:47 +0000)

@Guy Harris that could be the case. It would be great if someone could confirm.

vsharker (2018-11-24 00:01:07 +0000)

@vsharker The statistics I wrote about in my answer were regarding packets that ALL have the "Incorrect checksum" warning. Just different types of wrong checksum (TCP/UDP/IP). Sorry, I wasn't clear enough. I corrected the answer.

For sure the receiver doesn't consider these checksums invalid, because they get overwritten by the NIC with correct ones, so it doesn't matter whether you have a large volume of them.

Packet_vlad (2018-11-24 06:04:15 +0000)
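An added example, not part of the thread or of Wireshark's code: a classifier for the TCP checksum field of a captured IPv4 segment that separates a valid checksum, a zeroed field, and a field holding only the pseudo-header sum, which is what Linux's transmit path writes there before a NIC with TX checksum offload finishes the calculation. The addresses, ports and payload are constructed sample values, and whether the capture in the question shows this pattern is an assumption to check against the real packets.

```python
import socket
import struct

def ones_sum(data: bytes) -> int:
    """16-bit ones'-complement sum (RFC 1071), folded but not inverted."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total

def pseudo_header(src: str, dst: str, tcp_len: int) -> bytes:
    """IPv4 pseudo-header: source, destination, zero, protocol 6, TCP length."""
    return (socket.inet_aton(src) + socket.inet_aton(dst)
            + struct.pack("!BBH", 0, 6, tcp_len))

def offload_seed(src: str, dst: str, segment: bytes) -> int:
    """Value left in the field when only the pseudo-header has been summed."""
    return ones_sum(pseudo_header(src, dst, len(segment)))

def expected_checksum(src: str, dst: str, segment: bytes) -> int:
    """Correct checksum, computed with the checksum field treated as zero."""
    zeroed = segment[:16] + b"\x00\x00" + segment[18:]
    return ~ones_sum(pseudo_header(src, dst, len(segment)) + zeroed) & 0xFFFF

def classify(src: str, dst: str, segment: bytes) -> str:
    if len(segment) < 20:
        raise ValueError("shorter than a minimal TCP header")
    field = struct.unpack("!H", segment[16:18])[0]
    if field == expected_checksum(src, dst, segment):
        return "valid"
    if field == 0:
        return "zeroed"
    if field == offload_seed(src, dst, segment):
        return "pseudo-header sum only (offload pending)"
    return "other (stale or corrupt)"

# Constructed sample: 20-byte TCP header (PSH+ACK) plus a 5-byte payload.
SRC, DST = "10.0.0.5", "10.0.0.9"

def build_sample(checksum_field: int) -> bytes:
    header = struct.pack("!HHIIBBHHH", 40000, 80, 1, 1, 5 << 4, 0x18,
                         29200, checksum_field, 0)
    return header + b"hello"

if __name__ == "__main__":
    for value in (0x4945, 0x0000, 0x142D, 0xBEEF):
        print(f"0x{value:04x}: {classify(SRC, DST, build_sample(value))}")
```
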

I have been trying to check the TCP checksum offload and non zero value in the network system which when I check I could not understand the value. I have got the error code 43 mac in my MacBook pro which I was looking to fix with easy steps.

andrew007
answered 2018-11-24 21:12:30 +0000