Ethereal-users: [Ethereal-users] Incorrect TCP packet checksum reported every other packet

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: "Vitaly Kruglikov" <Vitaly.Kruglikov@xxxxxxxxxxx>
Date: Thu, 23 Dec 2004 21:26:17 -0800

Recently, I started paying attention to the TCP frames on PPPDump logs that I collected on a GPRS smart-phone device.  I noticed that on a particular HTTP transaction, Ethereal identified every other packet coming from the HTTP server as having an *incorrect* TCP packet checksum.  At the same time, Ethereal identified *all* “data-carrying” packets going from the smart-phone to the HTTP server as having an “incorrect” TCP packet checksum.  In the phone-to-server direction, only the Ack packets were identified as having a correct TCP packet checksum.  Also, none of the packets appeared to be retries.

 

Could someone please help me understand how the HTTP data exchange is able to take place between the two machines with so much of the traffic being identified by Ethereal as having *incorrect* TCP packet checksums? 

 

I am using Ethereal 0.10.8 on Windows XP.  I had the same results with 0.10.6.

 

I am attaching the PPPDump trace (BadTCPChecksum.eth) to this posting, however this being my first posting, I am not sure whether the attachment will actually show up on the thread.  I collected the PPP trace in the phone’s PPP driver, so the server’s possible offloading of TCP checksums should not have been a factor here.  Also, there is no TCP check-sum offloading on the phone, so the packets sent from the phone should have all the fields filled in before I trace them.  Please note that 4.23.88.219 is the HTTP server and 10.120.26.127 is the phone in this PPPDump.  The server and client both make use of VJ compression and Selective ACKs.

 

Many thanks,

 

Vitaly

Attachment: BadTCPChecksum.eth
Description: BadTCPChecksum.eth