This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

I have a IPv6 network. I sent a big, non-fragmentable ping. The packet tried to cross over a small link, and I got a "Packet too Big" ICMP error out of it. So far, so good.

Here is some relevant background data I'd like you make sure you're considering:

  • An ICMP error contains as "payload" the original packet which caused the error.
  • This "inner" packet can be truncated. This is perfectly legal.

The "Packet too Big" is the fourth packet in the listing below. As you can see, Wireshark is complaining because the checksum of the inner packet (ie. the original packet) is incorrect.

capture pic

Why is Wireshark complaining?

The inner packet's IPv6 header reports there should be 1408 bytes of payload, but this data was largely truncated, as you can see, so it shouldn't be possible to validate that particular checksum.
Is there some checksum computation black magic I'm not aware of?

Incidentally, the original packet (the ping) is also present in the capture, but its checksum is not 0xc30e either. Here is the capture.

My About says I'm using Wireshark "Version 1.10.6 (v1.10.6 from master-1.10)", Ubuntu 14.04.

asked 24 Oct '14, 08:26

ydahhrk's gravatar image

ydahhrk
16114
accept rate: 0%

edited 24 Oct '14, 08:28


Why is Wireshark complaining?

If it's calculating a checksum for an incomplete packet, it's complaining because it's buggy.

Please file a bug on this on the Wireshark Bugzilla, and attach the capture to it.

permanent link

answered 24 Oct '14, 15:34

Guy%20Harris's gravatar image

Guy Harris ♦♦
17.4k335196
accept rate: 19%

edited 24 Oct '14, 15:34

(24 Oct '14, 17:02) ydahhrk
Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:

×51
×36
×8
×6

question asked: 24 Oct '14, 08:26

question was seen: 1,486 times

last updated: 24 Oct '14, 17:02

p​o​w​e​r​e​d by O​S​Q​A