It has been a while that I'm experiencing some problems on my network, as I'm not the network admin and I've got from them the info that everything is OK on the network side I'll need your help to investigate what's going on.
I've started the capture and most of the packets had the Checksum error, I've deactivated this filter as per some other post recommendation to see what is left and I can see a couple of packets, when i go to detail window expand the Internet Protocal and the Header, it shows a red highlight on the Header and then on Bad:True, also says Header checksum: 0x0000 [incorrect, should be 0x822f], this 0x822f is replaced by many other numbers for the other packets.
Can you help me on this troubleshoot? I can post the capture if necessary.
This question is marked "community wiki".
asked 13 Aug '12, 04:09
Please check if the packets with checksum errors are packets your machine is sending out to the network. If they are, and none of the incoming packets have errors, you can ignore these CRC error messages - they're a result of you capturing your own traffic locally with network card optimizations enabled.
Especially the 0x0000 is a typical value for a placeholder when the NIC does the checksum calculation later (after Wireshark captured the packet already).
answered 13 Aug '12, 04:22
As Jasper says, the errors are often caused by the network driver calculating the checksum after Wireshark has captured it. You can turn off the display of these errant errors by:
For IP checksums right click on the IP part of the frame in the packet details pane (the tree) and go into Protocol Preferences and uncheck "Validate the IPv4 checksum if possible". You may also want to check "Support packet-capture from IP TSO-enabled hardware".
For TCP checksums, right click on the TCP part of the frame, and again in Protocol Preferences uncheck "Validate the TCP checksum if possible".
answered 13 Aug '12, 04:31