[Webinar] Streamline your web hosting managementRegister Today

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 6632
  • Last Modified:

Bad TCP checksums

I've been noticing some of these in my sniffer logs. A few questions

1. Do packets received with bad checksum errors, let the other side know the data got corrupted/changed on the way there? Or does the receiving end simply just drop the packet?

2. What causes bad checksum errors?  Misconfigured hosts?  Faulty hardware?

3.  I've noticed that I was getting tcp checksum errors when a default gateway wasnt specified on my linux box. When I specified one however, I stopped seeing them.  Did specifying a default gateway correct this?


Also, can someone tell me whats going on here?

08:23:16.729062 00:80:c6:fa:e3:49 > 00:b0:d0:c6:57:11, ethertype IPv4 (0x0800), length 70: IP (tos 0x0, ttl  31, id 8573, offset 0, flags [none], length: 56) 192.168.1.1 > 192.168.1.12: icmp 36: redirect 192.168.4.3 to host 192.168.1.50 for IP (tos 0x0, ttl  63, id 0, offset 0, flags [DF], length: 48) 192.168.1.12.5901 > 192.168.4.3.1201: [|tcp]

It's obviously an ICMP redirect message from my cable router (192.168.1.1) destined for my linux box (192.168.1.12).  But what is this packet telling 192.168.1.12?

0
dissolved
Asked:
dissolved
2 Solutions
 
bfarmerCommented:
Bad checksums are typically caused by cabling issues, hardware problems, and or driver problems.  

I can't see a gateway setting having much to do with this, but who knows.

The ICMP redirect is telling 192.168.1.12 to use 192.168.1.50 as the gateway for 192.168.4.3.
0
 
complexymetronCommented:
1. TCP provides "secured" data transfer. This means it assures, that data is in the right order and transmitted correctly. So bad checksums would be signalled to the sender, so the packet can be retransmitted by the sender. Look for sequence number and TCP.
(BTW: UDP wouldn't inform the sender. UDP works connectionless - if a packet is wrong it will be dropped)

2. A number of reasons could lead to malformed IP packets. Starts from bad driver on the sender system over faulty hardware (broken cables, etc.) or electromagnetic interference to misconfigured Ethernet frame setting (there are different ones, look for "Ethernet SNAP", "Ethernet 802.2", "Ethernet 802.3", etc. - both stations have to use the same or communication won't work)

3. Normally not. TCP routing works on layer 3 of the OSI networking model, while TCP works on layer 4. Setting a gateway is just setting routing information (e.g. what to do with packets not destined for the local net) - it shouldn't affect reliability of transmission (if connection can be established at all).


Your ethernet trace means:

> 08:23:16.729062 00:80:c6:fa:e3:49 > 00:b0:d0:c6:57:11, ethertype IPv4 (0x0800), length 70: IP (tos 0x0, ttl  31, id 8573, offset 0, flags [none], length: 56) 192.168.1.1 > 192.168.1.12:

= Ethernet frame from MAC1 to MAC2 containing an IP packet from IP1 to IP2

> icmp 36: redirect 192.168.4.3 to host 192.168.1.50

= cleary an ICMP redirect message which informs the host (sender of the original packet) that the gateway found a better route for the packet via the local network and wants to let the host know about that. In this case: "Hey Dude, if you want to reach 192.168.4.3 try 192.168.1.50 as gateway"

> for IP (tos 0x0, ttl  63, id 0, offset 0, flags [DF], length: 48) 192.168.1.12.5901 > 192.168.4.3.1201: [|tcp]

That seems to be a transcript from the original packet the gateway received (this data is included for the host to find the original transmission). The original packet seemed to go from 192.168.1.12 port 5901 to 192.168.4.3 port 1201 using tcp.

For more indepth information, look for RFC 792 (http://www.faqs.org/rfcs/rfc792.html) under "Redirect Message". If you think this behaviour as to be not what you want the gateway to do, then I'd recommend to check the gateway configuration again.
0
 
dissolvedAuthor Commented:
you guys rock
0

Featured Post

Never miss a deadline with monday.com

The revolutionary project management tool is here!   Plan visually with a single glance and make sure your projects get done.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now