[Webinar] Streamline your web hosting managementRegister Today


TCP checksum offload -- how can this be resolved

Posted on 2008-01-29
Medium Priority
Last Modified: 2013-12-02
I am trying to set a custom apache application in my DMZ.  This application needs to speak to another Apache Tomcat application server in my internal network w/ then that server talks to a SQL 2005 database server.

We are having issues with the communications between the Web server in the DMZ to the Application Server w/n the internal network

After running a Wireshark live scan on it, I saw multiple drops of mutliple ports showing the same error message -- "Checksum: (e.g. 0xc1e3) [incorrect, should be "(e.g. 0x17cd)" (maybe caused by "TCP checksum offload")

Does anyone have any suggestions on how we can clean this up so our communication between the Web server in the DMZ, through our ASA firewall to our Application server w/n our network can be smooth.  

Thanks in advance for the help.  

Ryan J. Boyle
Question by:CPGHelpDesk
1 Comment

Accepted Solution

bigcurefan earned 2000 total points
ID: 20774771
I don't think the checksum errors were necessarily drops.  It's common to see these with Wireshark.  Go to section 7.8.2 at http://www.wireshark.org/docs/wsug_html_chunked/ChAdvChecksums.html , it explains it further.

If you don't want to see them, either turn off the checksum offloading in the network driver or turn off checksum validation of the specific protocol in the Wireshark preferences.

Can you better define "communication issues"?  What ports are involved, etc.


Featured Post

Firewall Management 201 with Professor Wool

In this whiteboard video, Professor Wool highlights the challenges, benefits and trade-offs of utilizing zero-touch automation for security policy change management. Watch and Learn!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Upgrading Tomcat – There are a couple of methods to upgrade Tomcat is to use The Apache Installer is to download and unzip and run the services.bat remove|install Tomcat6 Because of the App that we are working with, we can only use Tomcat 6.…
If you are a web developer, you would be aware of the <iframe> tag in HTML. The <iframe> stands for inline frame and is used to embed another document within the current HTML document. The embedded document could be even another website.
When cloud platforms entered the scene, users and companies jumped on board to take advantage of the many benefits, like the ability to work and connect with company information from various locations. What many didn't foresee was the increased risk…
As many of you are aware about Scanpst.exe utility which is owned by Microsoft itself to repair inaccessible or damaged PST files, but the question is do you really think Scanpst.exe is capable to repair all sorts of PST related corruption issues?
Suggested Courses
Course of the Month11 days, 4 hours left to enroll

612 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question