This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Hi All,

I have implemented TCP protocol. For calculation of TCP Checksum I have used code from "http://www.netfor2.com/tcpsum.htm". Some times it calculates checksum as zero.

  1. My question is can TCP checksum be zero??
  2. I have captured this in Wireshark and it displays as correct checksum.
  3. Neither the OS nor the network card is calculating the checksum. Both client and server application are written using my tcp. While debugging I have seen the my tcp lib is calculating checksum as zero.

Thanks in advance. Prithvi

asked 30 Aug '12, 05:38

prithvi's gravatar image

prithvi
6558
accept rate: 0%


A tcp checksum of 0x0000 is legal. The final ones complement in the algorithm can result in 0x0000. An answer of 0xffff is not legal. That is, prior to the final ones complement in the calculation, the answer can never be 0x0000.

This is also true for the IP header checksum, but it is not true for UDP. UDP has a special case where 0x0000 is reserved for "no checksum computed". Thus for UDP, 0x0000 is illegal and when calculated following the standard algorithm, replaced with 0xffff.

permanent link

answered 26 Mar '13, 09:36

alank25's gravatar image

alank25
61136
accept rate: 100%

edited 26 Mar '13, 09:44

No, the checksum should not be 0x0000, but 0xffff. It all depends on the way you calculate the checksum. When using one-complement, there can be +0 and -0 which are different.

For more information see RFC 1624: Computation of the Internet Checksum via Incremental Update

permanent link

answered 30 Aug '12, 08:26

SYN-bit's gravatar image

SYN-bit ♦♦
17.1k957245
accept rate: 20%

I don't think this is correct. RFC 1624 appears to be clarifying a mistake made in RFC 1141 whereby a checksum of 0xFFFF was computed using incremental update when it should have been 0x0000, as would have been computed using the checksum computation from scratch method, presumably the one provided in section 4.1 of RFC 1071.

I think alank25's answer is actually the correct one.

By the way, Wireshark considers both 0xFFFF and 0x0000 as correct IP checksums. I'm not sure this is a good idea. If my (and alank25's) reading of RFC 1624 is correct, then it would seem that Wireshark should be indicating that 0xFFFF is not correct, or perhaps only correct according to RFC 1141.

(29 Jan '15, 12:49) cmaynard ♦♦
1

You're right! I will accept @alank25's answer on behalf of the original poster.

(29 Jan '15, 15:18) SYN-bit ♦♦
Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:

×752
×36
×9

question asked: 30 Aug '12, 05:38

question was seen: 11,578 times

last updated: 29 Jan '15, 15:18

p​o​w​e​r​e​d by O​S​Q​A