Ethereal-users: Re: [Ethereal-users] CRC-check incorrect with win2000 if traffic goes to the own
Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.
Date: Fri, 28 Feb 2003 13:05:07 +0100
Hi, thank you for your hint about my difficultes. Ideed, windows 2000 uses tcp offloading which causes a checksum error for the transmitted sniff files. There are two way to circumvent this trouble is, if possible, to reconfigure the network card. the second way is to switch off the offloading feature by introducing the value "DisableTaskOffload" at the registry as follows: Guten Abend Ralf, Heureka, ich hab's gefunden. Man kann in der registry die offload Funktion wie folgt ausschalten: Start rededt32 HKEY_LOCAL_MACHINE \SYSTEM \CurrentControlSet \Services: \Tcpip \Parameters Edit Add Value... Value Name: DisableTaskOffload Data Type: REG_DWORD Data: 0 0=default , 1=now you are able to sniff without checksum error Close regedt32 Restart the System! Referenz: http://www.microsoft.com/technet/treeview/default.asp?url=/technet/itsolutions/network/deploy/depovg/tcpip2k.asp Hans-Joachim Behnke Philips Medical Systems Hamburg Tel.: +49 40 5078 2414 Fax .:+49 40 5078 4137 E-Mail Hans-Joachim.Behnke@xxxxxxxxxxx To: Hans-Joachim Behnke/HBG/MS/PHILIPS@EMEA1 cc: ethereal-users@xxxxxxxxxxxx Subject: Re: [Ethereal-users] CRC-check incorrect with win2000 if traffic goes to the own host Guy Harris <guy@xxxxxxxxxx> Classification: 26.02.2003 22:11 On Wed, Feb 26, 2003 at 05:26:23PM +0100, hans-joachim.behnke@xxxxxxxxxxx wrote: > I'm using ETHEREAL on windows 2000 OS. If I sniff data flow to my own > computer, I always get an incorrect crc - check on tcp-level. Presumably by "crc" you mean "checksum" (the TCP checksum isn't a cyclic redundancy check). Do you see it on traffic *to* the computer running Ethereal - or on traffic *from* the computer running Ethereal? If it's the latter, I suspect the network interface on which you're sniffing does TCP checksum offloading; that means that the networking stack in the OS doesn't compute a checksum before handing the packet to the network interface, as it's relying on the interface to do it, which also means no checksum is computed before it's handed to the OS's packet capture mechanism. > I did not have this error when I've uses winNT4. I think support for checksum offloading was added in Windows 2000. > Is there any solution? If it's a checksum-offloading issue, there's no solution (other than, if possible, turning off checksum offloading) that would cause correct checksums to appear on outgoing packets. However, you *can* disable checksum checking - it's the "Check the validity of the TCP checksum when possible" item in the preferences for TCP; select "Preferences" from the "Edit" menu, open up the "Protocols" list in the left-hand pane of the preferences dialog box, select "TCP", turn off that option, click "Save", and click "OK". That will get rid of the checksum error indications, and will also allow reassembly of packets split across TCP segments to occur even with those packets with bogus checksums.
- Follow-Ups:
- Prev by Date: Re: [Ethereal-users] TCP ACK packets with data in them...
- Next by Date: RE: [Ethereal-users] Windows XP Promiscuous mode
- Previous by thread: Re: [Ethereal-users] CRC-check incorrect with win2000 if traffic goes to the own host
- Next by thread: Re: [Ethereal-users] CRC-check incorrect with win2000 if traffic goes to the own host
- Index(es):