ICMP/Internet checksum if packet entirely constists of zeros

Question

We are currently investigating a strange behavior of different devices: if we send "empty" ICMP packets (that is, ICMP-SEQ and ICMP-ID are 0x0000 and no ICMP payload), for example using

nping --icmp --icmp-seq=0 --icmp-id=0 8.8.8.8

then different systems reply differently:

• an Asus router, Windows 7 PC, Fritz!Box, Kali Linux box, all reply with checksum 0xFFFF, which is correct according to wireshark
• However, 8.8.8.8 and heise.de (193.99.144.80) both reply with 0x0000, which is marked as wrong by wireshark.

I am pretty sure that I have also seen 0xFFFF from 8.8.8.8, but I currently can't reproduce this.

SO, my Questions:

• What's the correct Internet Checksum for a packet consisting only of Zeros
• Is this behavior different if the packed is relayed via NAT (i.e. relayed through our router)?

Note: This ICMP packet is valid according to RFC 792

PS: I hope serverfault is the correct forum to ask. If not, I apologize in advance ;)

Answer 1

After digging around with tcpdump, nping and nmap for about three hours, I've managed to determine the following: Windows calculates the checksum properly, and basically nobody else does. When you have a packet that's all 0's, you should get a checksum of 0xffff (source), but every linux/BSD machine I've pinged has returned a checksum of 0x0000. I think this just comes down to an error in how the checksum is being calculated on many servers.