[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 12078
  • Last Modified:

[TCP CHECKSUM INCORRECT]

Is it normal for Wireshark to be reporting about 33% of all network data as [TCP CHECKSUM INCORRECT]? For each 2 "Continuation of HTTP traffic" packets I get, I also get 1 packet marked as [TCP CHECKSUM INCORRECT] (highlighted in black in Wireshark).
0
tylermenezes
Asked:
tylermenezes
1 Solution
 
static-voidCommented:
Thats obviousally really bad. Is happening to all hosts or just a specific one? The most likely cause is that you have some seriously bad link in your network. Check for bad cabling. You should start by trying to isolate where the prob is. If your using wireless anywhere thats a good place to start.
0
 
tylermenezesAuthor Commented:
I'm pretty sure it's the router (it's fine without it), but I wanted to make sure this wasn't normal.
0
 
static-voidCommented:
yeah if 1/3 is checksum failed that means that another 1/3 is failed packets so only 1/3 of packets are correctly transmitted. Thats real bad
0
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

 
tylermenezesAuthor Commented:
Thanks for the help. I assigned points to your earlier response, because it clarified my problem and will probably help anyone else more than is necessary in my case.
0
 
CoreyMacCommented:
I think as a time-tested question this is just likely wrong...

Checksums are rarely wrong, so look at the checksum value in the trace.  If it is TCP and 0000 (zeros) then the problem is probably bogus.

The source of this is usually the fact the TCP checksums-offload are enabled in the NIC driver and so many of the packets (the ones to/from this machine) have their checksums not calculated until the actual NIC gets ready to transmit the frame.  

Wireshark can't tell so it calls it in error.
0
 
JasonMewesCommented:
It is common for wireshark to display *almost all* packets as having bad CRC because of checksum offloading (as explained by CoreyMac)... however it seems a bit odd that you have a large number of packets displayed as good? Unless they are UDP packets, for which a CRC of 0 is always valid as it specifies that checksums are disabled for the current packet. The IP level checksum cannot be disabled however, but if this is not offloaded you might find yourself in this exact situation.

In any case, what you can do is to disable offloading in your network card settings:

Control Panel -> Device Manager -> Your network card -> Properties -> General -> Change Settings -> Advanced

Go through the list of properties and disable offloading, on my network card I have disabled the following:

IPv4 Checksum Offload
TCP Checksum Offload (IPv4)
TCP Checksum Offload (IPv6)
UDP Checksum Offload (IPv4)
UDP Checksum Offload (IPv6)

This will put more "strain" on your CPU, but can be useful when wiresharkin'...
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now