Tag Archives: Wireshark Error

When Wireshark grabs packets, IP check sum error is displayed

During the packet capture process, it is found that many TCP packets sent from the local host (client) are reported with IP Checksum error, but the application is normal, and the packets returned from the server are all normal, which is very strange.
As shown in the figure, many black items, black is usually the package in question:

5.23 EtherealTCP checksum errors are found during packet capture

Q:
TCP checksum errors found when grabbing packets with Ethereal on Windows platform.
But the response from the application layer tells me that the TCP checksum is OK for this message.

A: 2000-03
Network Card Configuration->Advanced->Rx Checksum Offload/Tx Checksum Offload.
It is likely that your two settings are Enable, just adjust them to Disable at the cost of reduced network performance.

The computation of TCP/UDP/IP checksums is typically done by the operating system's TCP/IP stack.
After these two locations are set to Enable, the protocol stack no longer performs the checksum calculations, but rather the NIC itself.
If no Rx Checksum Offload/Tx Checksum Offload entries are found in the aforementioned locations.
There are two possibilities, one is that the network card itself does not support this feature, and the other is that the driver of the network card does not provide a configuration item, the latter case is the most common.

In fact, the problem has nothing to do with what kind of Sniffer software is used.

Solutions:
Disable the Checksum Offload (the idea is to let the network card hardware compute the Checksum itself, rather than handing it over to the OPERATING system’s TCP/IP stack) by changing the properties of the card:

When Checksum Offload is disabled, the captured package displays much more cleanly: