Recently, I started paying attention to the TCP frames on
PPPDump logs that I collected on a GPRS smart-phone device. I noticed
that on a particular HTTP transaction, Ethereal identified every other packet
coming from the HTTP server as having an *incorrect*
TCP packet checksum. At the same time, Ethereal identified *all* “data-carrying” packets going
from the smart-phone to the HTTP server as having an “incorrect”
TCP packet checksum. In the phone-to-server direction, only the Ack
packets were identified as having a correct TCP packet checksum. Also,
none of the packets appeared to be retries.
Could someone please help me understand how the HTTP data
exchange is able to take place between the two machines with so much of the
traffic being identified by Ethereal as having *incorrect* TCP packet checksums?
I am using Ethereal 0.10.8 on Windows XP. I had the
same results with 0.10.6.
I am attaching the PPPDump trace (BadTCPChecksum.eth) to
this posting, however this being my first posting, I am not sure whether the
attachment will actually show up on the thread. I collected the PPP trace
in the phone’s PPP driver, so the server’s possible offloading of
TCP checksums should not have been a factor here. Also, there is no TCP
check-sum offloading on the phone, so the packets sent from the phone should
have all the fields filled in before I trace them. Please note that
4.23.88.219 is the HTTP server and 10.120.26.127 is the phone in this PPPDump.
The server and client both make use of VJ compression and Selective ACKs.
Many thanks,
Vitaly
|
Attachment:
BadTCPChecksum.eth
Description: BadTCPChecksum.eth