Hi, im getting some errors while running wireshark. im getting all these errors from my network printer what could be the reason for that? [Expert Info (Error/Checksum): Bad checksum [should be 0x1c224e67] asked 25 May '17, 09:08 vasim |
One Answer:
It probably means that Wireshark thinks the packet, as captured, has a CRC at the end when, in fact, it doesn't. (All Ethernet packets have a CRC at the end - but not all capture devices and mechanisms include the CRC in the packet data.) We'd have to see one of the packets (preferably in the form of a capture file, rather than a screenshot) to see whether this is a problem in Wireshark or just some case where there's not enough information for Wireshark to determine whether there's a CRC or not. answered 27 May '17, 12:59 Guy Harris ♦♦
(28 May '17, 04:05) vasim OK, this is on Windows (on UN*X, interfaces don't have names like That means that, if the host that transmitted it padded the payload sufficiently to make it a minimum-length Ethernet frame, if it were 64 bytes long the last 4 bytes would be the FCS. So, given that the last 4 bytes are zero, either 1) the machine that sent it added an extra 4 bytes of padding - which is legal, although wasteful - or 2) those 4 bytes of zero were added by something else. Perhaps Wireshark's heuristic to guess whether there's an FCS or not should assume that if the last 4 bytes of the frame are zero, it's not an FCS. For now, just ignore those errors if the FCS is reported as zero. (28 May '17, 09:24) Guy Harris ♦♦ |
In what context is the checksum? From the size it would seem to be an application protocol?
getting this error at broadcast ARP Frame check sequence: 0x00000000 [incorrect, should be 0xa5a56305] im getting this for my 2 network printers.