Hi Sake, IMO, it would be better to create an expert item associated to this specific incorrect checksum.
Regards, Sebastien Tandel Sake Blok wrote: > Hi, > > I did some research to tcp-checksum 0xffff. This checksum should not > appear in tcp-headers. RFC 1624 explains that it can be generated > by a (not-so-good) algorythm for incremental updates to the tcp-checksum > (after NAT for example). The RFC advises systems to validate the > checksum according to RFC 1071 (which will treat the checksum as > valid). Wireshark indeeds uses the method from RFC 1071. > > However, some systems just calculate the checksum and then compare > it to the checksum in the packet. This results is a bad checksum > (0x0000 != 0xffff) and the packet will be dropped. > > To enhance troubleshooting this situations I wrote a patch that > displayes the checksum as follows: > > Checksum: 0xffff [incorrect, should be 0x0000 (maybe caused by "Incremental > update"? See RFC 1624.)] > > Could someone review this patch (which is attached to bugzilla)? > > Cheers, > > > Sake > _______________________________________________ > Wireshark-dev mailing list > [email protected] > http://www.wireshark.org/mailman/listinfo/wireshark-dev > _______________________________________________ Wireshark-dev mailing list [email protected] http://www.wireshark.org/mailman/listinfo/wireshark-dev
