This is a static archive of our old Q&A Site. Please post any new questions and answers at

Difference between v1.4 and v2.2 in checksum fields


In WireShark v1.4, Within a package the branch expands and in the Header value it shows the following:

Header checksum: 0x5dd [incorrect, should be 0x5e16]
  [Good: False]
  [Bad: True]
     [Expert Info (Error/checksum): Bad checksum]
           [Message: Bad checksum]
           [Severity level: Error]
           [Group: Checksum]
While in v2.2 only show me:
Header checksum: 0x0bc8
[Header checksum status: Unverfied]

Why ? Somebody knows how enable this information ? Please I need your help

asked 29 Dec '16, 15:27

Hunapuh's gravatar image

accept rate: 0%

edited 30 Dec '16, 06:12

grahamb's gravatar image

grahamb ♦

One Answer:


The way checksum check information is presented has a been extended to allow for more variations. What used to be two binary flags (checksum.good and checksum.bad) is now an single value (checksum.status).

In your first example (of v1.4) checksum checking is enabled(!) and the result is that it is not good. In your second example (of v2.2) checksum checking is disabled(!) and therefore the result is 'Unverified'.

What you at least should do is enable checksum checking in the second example to get comparable situations. This checksum checking is defined by the protocol preferences of the protocol including this checksum.

answered 30 Dec '16, 04:00

Jaap's gravatar image

Jaap ♦
accept rate: 14%