Hi Rob, On Wed, 2008-06-11 at 05:25 -0700, Rob Loefman wrote: > Can anybody, please, tell me what has happened with this UDP packet, > which has a header checksum of 0. I have attached the code and capture.
This might be related to hardware checksum computation. Snoop grabs packets _before_ they reach the hardware, and if hardware checksum offload is in use, IP won't bother to compute a header checksum in software (leaving it with a value of 0) before passing the packet down to the lower levels of the stack. I suspect that this is what you're observing. If you snoop on the wire on a 3rd system or on the destination, is the checksum non-zero? Does the packet reach its destination without experiencing checksum errors? (I can't tell if you're reporting a problem, or if you're just curious about why the packet looks wrong). > PS: 10.20.31.83 is NIC e1000g2 on my computer, but still i have to use > snoop -d e1000g0 to see it. It is clearly bound to interface e1000g2, > but snoop -d e1000g2 will not show it. Binding does not affect the output interface, only the source address. If your application binds to an address that happens to be configured on interface A, but the forwarding table dictates that the destination is reachable through interface B, then your packet will go out of interface B. I suspect that's why you need to snoop on e1000g0 here. -Seb
