Bad TCP checksums
Posted on 2004-09-18
I've been noticing some of these in my sniffer logs. A few questions
1. Do packets received with bad checksum errors, let the other side know the data got corrupted/changed on the way there? Or does the receiving end simply just drop the packet?
2. What causes bad checksum errors? Misconfigured hosts? Faulty hardware?
3. I've noticed that I was getting tcp checksum errors when a default gateway wasnt specified on my linux box. When I specified one however, I stopped seeing them. Did specifying a default gateway correct this?
Also, can someone tell me whats going on here?
08:23:16.729062 00:80:c6:fa:e3:49 > 00:b0:d0:c6:57:11, ethertype IPv4 (0x0800), length 70: IP (tos 0x0, ttl 31, id 8573, offset 0, flags [none], length: 56) 192.168.1.1 > 192.168.1.12: icmp 36: redirect 192.168.4.3 to host 192.168.1.50 for IP (tos 0x0, ttl 63, id 0, offset 0, flags [DF], length: 48) 192.168.1.12.5901 > 192.168.4.3.1201: [|tcp]
It's obviously an ICMP redirect message from my cable router (192.168.1.1) destined for my linux box (192.168.1.12). But what is this packet telling 192.168.1.12?