I understand why I was getting so many header checksum errors so I went to Edit > Preferences > Protocols and chose IPv4 as well as TCP and deselected 'Validate the IPv4 checksum if possible' I'm still getting lots of header checksum errors, however. I would think they would be taken care of by making those setting changes. Anyone have any ideas? Regards, Joe asked 24 Jul '12, 08:45  JoeyJoeJoe1970 |
2 Answers:
Are they by any chance UDP packets? You might want to disable checksum checking in the UDP protocol preferences too... answered 24 Jul '12, 09:01  SYN-bit ♦♦ |
sounds like IP checksum checking is not disabled, although you say so. The code in epan/dissectors/packet-ip.c (Wireshark 1.8.0) will only print that specific error message, if the IP preference "Validate the IPv4 checksum if possible" is set (Default: yes/true).
What is the output of the following command?
What is your Wireshark version? Regards answered 24 Jul '12, 11:49  Kurt Knochner ♦ edited 24 Jul '12, 12:27 command: tshark -G currentprefs | find "ip.check" results: ip.check_checksum: FALSE Version 1.8.1 (SVN Rev 43946 from /trunk-1.8) Puzzling (24 Jul '12, 12:27) JoeyJoeJoe1970
yep. Can you please post a screenshot (and possibly a sample capture file)? (24 Jul '12, 12:28) Kurt Knochner ♦ I just tested with 1.8.1 on Windows 7 (32 Bit) and it works as expected. I modified the IP checksum with a HEX editor. IP checksum checking: OFF
IP checksum checking: ON
If you run it on Windows as well, I recommend to uninstall Wireshark (delete preferences - ONLY if you don't need them) and then reinstall. (24 Jul '12, 12:41) Kurt Knochner ♦ |
Nope. Checksum validation was turned off for IPv4, TCP and UDP.
The error I see is 'Header checksum: 0x000 [incorrect, should be 0xf9dc (maybe caused by "IP checksum offload"?)].
It's not for every packet but definitely every third one or so.
Incoming or outgoing packets?