What would cause an Internet Protocol Checksum error

I am getting some header checksum errors when I run a network sniffer. What would cause these?

Example error: internet protocol header checksum: 0x0000 [Incorrect, should be 0x6829
adimitAsked:
Who is Participating?
 
jahboiteCommented:
The IP checksum is a layer 3 field.  If it is the only thing that your sniffer (wireshark) detects is wrong with the packet then I think it is likely to be an error in the checksum calculation (which could be done in hardware, but it's probably more likely that the TCP/IP stack is implemented in software) rather than a completely bad packet which points to an implementation flaw rather than bad cabling or something.

The fact that the checksum is zero rather than an incorrectly calculated value points to the possibility that the packet generation is not even performing checksum calculation.  It could also be something that is inspecting the packet during routing.

What can you tell us about the device sending the packets?
0
 
gelonidaCommented:
bad cable?
device with brokenTCP/IP  stack?
broken network sniffer?

could you explain a little more about your setup?
Wired? / cabled? / with routers / with switches , etc.

If it's cabled and a small home network, then just replace your ethernet cable and retry.
Cables might be broken even if you don't see any external damage.
0
 
adimitAuthor Commented:
if its IP would it not be software related? I thought frame check sum errors being layer 2 had to do with hardware.

This isn't a home network. Each station is connected to a layer 2 switch via cat5. Since both computers are in different parts of the plant, the switches are interconnected with fiber. There are about 40 devices on the network.

I don't get many of them but they show up at a rate of 1 every 15 minutes
0
Increase Security & Decrease Risk with NSPM Tools

Analyst firm, Enterprise Management Associates (EMA) reveals significant benefits to enterprises when using Network Security Policy Management (NSPM) solutions, while organizations without, experienced issues including non standard security policies and failed cloud migrations

 
gelonidaCommented:
I'm not very knowledgable about all the NW ayers, but I think you're right.
This sounds more be a HW error.

In our case (huge corporate NW) we observed a low data rate and errors were seem on linux with ifconfig..
The culprit was a bad cat5 patch cable.

Are the errors only between two specific hosts?
or is it always the same host, which is involved?

if it's a Unix host/ does ifconfig also report this errors?
0
 
adimitAuthor Commented:
I figure a frame checksum is hardware. This can't be hardware.

This is a functioning system, with some software related problems that I can trace to this message.
One computer runs windows 2003 server. The other device is not a computer, but an IP capable instrument with no OS.

ipconfig doesn't report errors because the errors are random
0
 
adimitAuthor Commented:
oops i meant ping,  doesn't report errors
0
 
jahboiteCommented:
(wireshark) was a question by the way. (wireshark?)
0
 
Rick_O_ShayCommented:
I have seen this with the TCP/IP checksum offload settings enabled on NICs.
In that case it is not an error it is just the way the analyzer sees the packet which is before the NIC has added the checksum which is what offload does.
0
 
jahboiteCommented:
That's right. It does do that, nice job Rick.
0
 
mikebernhardtCommented:
We have seen that "IP capable instruments" don't always have properly-built IP stacks. If the bad checksums are coming from that device then this could be the problem. Sometimes they use custom-built stacks instead of including "off-the-shelf" code.

I may be wrong but if checksum offload was set on the NIC then wouldn't all of the packets from the host display bad checksums instead of just some?
0
 
adimitAuthor Commented:
Answers to Questions:
Sniffer: Wireshark
Source Address: Windows 2003 Server Running an OPC Server. The OPC Server is the source of the checksum.
Destination: PLC , an instrument with no OS.
I have some comm errors between the two devices.  The IP error in wireshark correlates with a 'spurious error' message in the OPC server.

Hope this helps. Thanks for all of the ideas.
Being a novice isn't the IP portion just a router whose job is to determine where the information goes to?  Are you saying that the source of the problem must be the OPC Server?



0
 
adimitAuthor Commented:
At this point and time it was determined that the ip checksum error was being caused by a piece of software that was overloading the  OPC Server. The vendor was contacted and the problem was fixed. Thank's for all of your help
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.