What would cause an Internet Protocol Checksum error

I am getting some header checksum errors when I run a network sniffer. What would cause these?

Example error: internet protocol header checksum: 0x0000 [Incorrect, should be 0x6829
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

bad cable?
device with brokenTCP/IP  stack?
broken network sniffer?

could you explain a little more about your setup?
Wired? / cabled? / with routers / with switches , etc.

If it's cabled and a small home network, then just replace your ethernet cable and retry.
Cables might be broken even if you don't see any external damage.
adimitAuthor Commented:
if its IP would it not be software related? I thought frame check sum errors being layer 2 had to do with hardware.

This isn't a home network. Each station is connected to a layer 2 switch via cat5. Since both computers are in different parts of the plant, the switches are interconnected with fiber. There are about 40 devices on the network.

I don't get many of them but they show up at a rate of 1 every 15 minutes
I'm not very knowledgable about all the NW ayers, but I think you're right.
This sounds more be a HW error.

In our case (huge corporate NW) we observed a low data rate and errors were seem on linux with ifconfig..
The culprit was a bad cat5 patch cable.

Are the errors only between two specific hosts?
or is it always the same host, which is involved?

if it's a Unix host/ does ifconfig also report this errors?
Become an IT Security Management Expert

In today’s fast-paced, digitally transformed world of business, the need to protect network data and ensure cloud privacy has never been greater. With a B.S. in Network Operations and Security, you can get the credentials it takes to become an IT security management expert.

adimitAuthor Commented:
I figure a frame checksum is hardware. This can't be hardware.

This is a functioning system, with some software related problems that I can trace to this message.
One computer runs windows 2003 server. The other device is not a computer, but an IP capable instrument with no OS.

ipconfig doesn't report errors because the errors are random
adimitAuthor Commented:
oops i meant ping,  doesn't report errors
The IP checksum is a layer 3 field.  If it is the only thing that your sniffer (wireshark) detects is wrong with the packet then I think it is likely to be an error in the checksum calculation (which could be done in hardware, but it's probably more likely that the TCP/IP stack is implemented in software) rather than a completely bad packet which points to an implementation flaw rather than bad cabling or something.

The fact that the checksum is zero rather than an incorrectly calculated value points to the possibility that the packet generation is not even performing checksum calculation.  It could also be something that is inspecting the packet during routing.

What can you tell us about the device sending the packets?

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
(wireshark) was a question by the way. (wireshark?)
I have seen this with the TCP/IP checksum offload settings enabled on NICs.
In that case it is not an error it is just the way the analyzer sees the packet which is before the NIC has added the checksum which is what offload does.
That's right. It does do that, nice job Rick.
We have seen that "IP capable instruments" don't always have properly-built IP stacks. If the bad checksums are coming from that device then this could be the problem. Sometimes they use custom-built stacks instead of including "off-the-shelf" code.

I may be wrong but if checksum offload was set on the NIC then wouldn't all of the packets from the host display bad checksums instead of just some?
adimitAuthor Commented:
Answers to Questions:
Sniffer: Wireshark
Source Address: Windows 2003 Server Running an OPC Server. The OPC Server is the source of the checksum.
Destination: PLC , an instrument with no OS.
I have some comm errors between the two devices.  The IP error in wireshark correlates with a 'spurious error' message in the OPC server.

Hope this helps. Thanks for all of the ideas.
Being a novice isn't the IP portion just a router whose job is to determine where the information goes to?  Are you saying that the source of the problem must be the OPC Server?

adimitAuthor Commented:
At this point and time it was determined that the ip checksum error was being caused by a piece of software that was overloading the  OPC Server. The vendor was contacted and the problem was fixed. Thank's for all of your help
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
OS Security

From novice to tech pro — start learning today.