Bug ID: 14425
           Summary: Expert Information Summary for Bad Checksum is
           Product: Wireshark
           Version: Git
          Hardware: x86
                OS: Windows 10
            Status: UNCONFIRMED
          Severity: Major
          Priority: Low
         Component: Qt UI
  Target Milestone: ---

Created attachment 16132
PCAP with bad TCP and CIP Safety checksums

Build Information:
Version 2.5.1-del (v2.5.1rc0-88-g27b571e6) 
Copyright 1998-2018 Gerald Combs <> and contributors.
License GPLv2+: GNU GPL version 2 or later
<> This is free software;
see the source for copying conditions. There is NO warranty; not even for
Compiled (64-bit) with Qt 5.9.1, with WinPcap (4_1_3), with GLib 2.42.0, with
zlib 1.2.11, with SMI 0.4.8, with c-ares 1.13.0, with Lua 5.2.4, with GnuTLS
3.4.11, with Gcrypt 1.7.6, with MIT Kerberos, with GeoIP, with nghttp2 1.14.0,
with LZ4, with Snappy, with libxml2 2.9.4, with QtMultimedia, with AirPcap,
with SBC, with SpanDSP, with bcg729. 
Running on 64-bit Windows 7 Service Pack 1, build 7601, with Intel(R) Xeon(R)
CPU E3-1270 v5 @ 3.60GHz (with SSE4.2), with 4095 MB of physical memory, with
locale English_United States.1252, with WinPcap version 4.1.3 (packet.dll
version, based on libpcap version 1.0 branch 1_0_rel0b (20091008),
with GnuTLS 3.4.11, with Gcrypt 1.7.6, with AirPcap 4.1.0 build 1622, binary
plugins supported (14 loaded). Built using Microsoft Visual C++ 12.0 build
Wireshark is Open Source Software released under the GNU General Public
Check the man page and for more information. 
This affects the latest git (27b571e62f6a672804c6f8e7b0558ccfb589cf9b) and the
beta 2.5.0.

This only applies when "Group by summary" is checked.

There are 2 issues:
1. The Expert Information Summary field for checksum failures is being
formatted as this: "Bad checksum [should be 0x45d2]". This is incorrect because
the checksum referenced (0x45d2) is only for the first entry in the grouping.
If there are multiple entries in the grouping, the other entries should have
other checksums.
2. The summary of "Bad checksum" isn't as descriptive as it used to be.
Individual protocols have more specific information. eg: "CRC-S3 incorrect",
"CRC-S5 incorrect", etc.

This seems to affect all protocols.

To reproduce:
1. Load attached pcap: cipsafety_bad_crc.pcap
2. Edit -> Preferences -> Protocols -> TCP -> Check "Validate the TCP checksum
if possible". This is only needed to show the problem for TCP checksums
3. Open Expert Information page.
4. TCP errors show "TCP: Bad checksum [should be 0x1fb1]" for 3 entries, even
only one of those entries should have the checksum 0x1fb1
5. CIP Safety errors show "CIP Safety: Bad checksum [should be 0x45d2]", even
only one of those entries should have the checksum 0x45d2

You are receiving this mail because:
You are watching all bug changes.
Sent via:    Wireshark-bugs mailing list <>

Reply via email to