So I was just doing some server-side troubleshooting on the network, and I noticed that 1 of the servers sends all packets with the IP-level checksum set to 0. It caught my eye because in my Wireshark capture, all packets (no matter what application-level protocol, TCP/UDP) have the IP layer marked black (default color setting for Wireshark). The server has been working fine, there are no issues with it in terms of network communication, it just caught my eye and seems to be bugging me.

Anyone have any ideas what settings to check on this server? It's a Windows 2003 Standard edition server.

Archit Baweja

1 Answer

Your server just uses TCP checksum offload - the checksum is calculated and changed within the packet by the network hardware (i.e. your NIC). This is a rather common feature. The Wireshark documentation states:

Checksum offloading often causes confusion as the network packets to be transmitted are handed over to Wireshark before the checksums are actually calculated. Wireshark gets these "empty" checksums and displays them as invalid, even though the packets will contain valid checksums when they leave the network hardware later.

So just disable TCP checksum checking in Wireshark preferences if you do not like the black mark on your packets.

the-wabbit
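An added example, not part of the answer above: a Python check that recomputes the IPv4 header checksum the question describes and separates the zero placeholder seen on a capture host using offload from a header that is actually corrupt. The function names, the `local_ip` parameter and the sample headers are assumptions constructed for this illustration.

```python
import struct

def ipv4_header_checksum(header: bytes) -> int:
    """RFC 1071 one's-complement checksum, with the checksum field taken as zero."""
    ihl = (header[0] & 0x0F) * 4
    if header[0] >> 4 != 4 or ihl < 20 or len(header) < ihl:
        raise ValueError("not a complete IPv4 header")
    hdr = header[:10] + b"\x00\x00" + header[12:ihl]
    total = sum(struct.unpack(f"!{ihl // 2}H", hdr))
    while total >> 16:                      # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def classify(header: bytes, local_ip: str) -> str:
    """Compare the stored checksum with the recomputed one.

    local_ip is the address of the host the capture was taken on (assumption:
    the analyst knows it). A zero checksum is only explained by offload when
    the packet was sent by that host, because the capture sees it before the
    NIC fills the field in.
    """
    stored = struct.unpack("!H", header[10:12])[0]
    if stored == ipv4_header_checksum(header):
        return "valid"
    src = ".".join(str(b) for b in header[12:16])
    if stored == 0 and src == local_ip:
        return "offload-placeholder"
    return "invalid"

# Constructed sample: one 20-byte UDP/IPv4 header, 192.168.0.1 -> 192.168.0.199
ON_WIRE = bytes.fromhex("45000073000040004011b861c0a80001c0a800c7")
AS_CAPTURED = ON_WIRE[:10] + b"\x00\x00" + ON_WIRE[12:]   # seen on the sender
CORRUPTED = ON_WIRE[:10] + b"\xde\xad" + ON_WIRE[12:]     # wrong checksum

if __name__ == "__main__":
    for name, hdr in [("on wire", ON_WIRE), ("as captured", AS_CAPTURED),
                      ("corrupted", CORRUPTED)]:
        print(f"{name:12s} {classify(hdr, '192.168.0.1')}")
```

A zero checksum on a packet whose source is not the capture host is reported as invalid, since offload on the local NIC cannot explain it.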