Hi Sake,
IMO, it would be better to create an expert item associated to this
specific incorrect checksum.
Regards,
Sebastien Tandel
Sake Blok wrote:
> Hi,
>
> I did some research to tcp-checksum 0xffff. This checksum should not
> appear in tcp-headers. RFC 1624 explains that it can be generated
> by a (not-so-good) algorythm for incremental updates to the tcp-checksum
> (after NAT for example). The RFC advises systems to validate the
> checksum according to RFC 1071 (which will treat the checksum as
> valid). Wireshark indeeds uses the method from RFC 1071.
>
> However, some systems just calculate the checksum and then compare
> it to the checksum in the packet. This results is a bad checksum
> (0x0000 != 0xffff) and the packet will be dropped.
>
> To enhance troubleshooting this situations I wrote a patch that
> displayes the checksum as follows:
>
> Checksum: 0xffff [incorrect, should be 0x0000 (maybe caused by "Incremental update"? See RFC 1624.)]
>
> Could someone review this patch (which is attached to bugzilla)?
>
> Cheers,
>
>
> Sake
> _______________________________________________
> Wireshark-dev mailing list
> Wireshark-dev@xxxxxxxxxxxxx
> http://www.wireshark.org/mailman/listinfo/wireshark-dev
>