Ethereal-dev: Re: [Ethereal-dev] Searching for packets with incorrect checksums

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: "Jim Fleming" <jfleming@xxxxxxxx>
Date: Tue, 18 Dec 2001 13:46:56 -0600
----- Original Message ----- 
From: "Gilbert Ramirez" <gram@xxxxxxxxxxxxxxx>
To: "Guy Harris" <guy@xxxxxxxxxx>
Cc: "Michael Tuexen" <Michael.Tuexen@xxxxxxxxxxxxxxxxx>; <ethereal-dev@xxxxxxxxxxxx>
Sent: Tuesday, December 18, 2001 1:14 PM
Subject: Re: [Ethereal-dev] Searching for packets with incorrect checksums


> 
> On Tue, 18 Dec 2001 12:54:48 Guy Harris wrote:
> > 
> > The same way the IP dissector does it:
> > 
> >     if (ipsum == 0) {
> > proto_tree_add_uint_format(ip_tree, hf_ip_checksum, tvb,
> > offset + 10, 2, iph.ip_sum,
> > "Header checksum: 0x%04x (correct)", iph.ip_sum);
> >     }
> >     else {
> > proto_tree_add_item_hidden(ip_tree, hf_ip_checksum_bad, tvb,
> > offset + 10, 2, TRUE);
> > proto_tree_add_uint_format(ip_tree, hf_ip_checksum, tvb,
> > offset + 10, 2, iph.ip_sum,
> > "Header checksum: 0x%04x (incorrect, should be 0x%04x)",
> > iph.ip_sum, in_cksum_shouldbe(iph.ip_sum, ipsum));
> >     }
> 
> I don't like this use of hidden fields. Yes, the hf_ip_checksum_bad
> field is not part of the packet, but it should still be shown in the
> GUI protocol tree, so that users know that it exists and can be used
> in a filter expression.
> 

The IPv7 bit seems to be handled differently. When set, it shows
in the hex field as 0x80 but in the display as a 0x00.

This may help...
http://www.dot-biz.com/IPv4/Tutorial/
http://www.RepliGate.net

The Netfilter Project: Packet Mangling for Linux 2.4
http://netfilter.samba.org

Jim Fleming
http://www.IPv8.info
IPv16....One Better !!