Hi,
How did you determine that the checksum was 0? Did you capture truly ‘off the wire’? Or did you look closely at the shared capture file? I did the latter and already saw the zero checksum. That’s what triggered my initial question on where did you capture. Having 0 as IP checksum at the *sending* side is not uncommon, the responsibility to calculate and fill in the checksum is then left to the network hardware, *after* capture has taken place. So again, how did you determine that the checksum was 0 *on the wire*?
In fact Wireshark does add an expert item to incorrect IP checksums, iff the IP protocol preference is enabled. Is it in your case?
Thanks, Jaap
Hi, I identified the problem.
The IP header checksum in the reply was 0 (you can see that in the pcap attached in link). I wonder why it is not marked in yellow or something similar, so that it will be more clear that there might be a problem because of wrong checksum. Thanks.
Ran
On 25 Sep 2017 23:25, "Jaap Keuter" <jaap.keuter@xxxxxxxxx> wrote:
>
> Hi,
>
> Best way is to put a switch with monitor port between the two hosts and capture the traffic there.
> Then you’ll know what the hosts really see from the other, and Wireshark can be helpful in further checks.
>
> Thanks,
> Jaap
>
>
> > On 25 Sep 2017, at 17:53, Ran Shalit <ranshalit@xxxxxxxxx> wrote:
> >
> > Hello Jaap,
> >
> > I don't have the capturing in the other side (it is embedded target).
> > I resolved the issue, it seems to be related to checksum.
> > Yet, I didn't see in wireshark any warning or yellow marking on the
> > reply checksum.
> >
> > Do you know how I could easily detect that there is an ICMP reply
> > checksum issue with wireshark ?
> >
> > Thanks,
> > Ran
> >
> > On Mon, Sep 25, 2017 at 12:30 PM, Jaap Keuter <jaap.keuter@xxxxxxxxx> wrote:
> >> Hi,
> >>
> >> This was captured at 192.168.1.100, yes?
> >> What do you see when capturing at the originator interface (192.168.1.110)?
> >>
> >> Thanks,
> >> Jaap
> >>
> >>
> >>> On 25 Sep 2017, at 09:38, Ran Shalit <ranshalit@xxxxxxxxx> wrote:
> >>>
> >>> Hello,
> >>>
> >>> I would appreciate it if someone can assist in analyzing icmp request/reply :
> >>>
> >>> https://drive.google.com/file/d/0B22GsWueReZTZ0hfU2dRdE9rR2s/view?usp=sharing
> >>>
> >>> I ping from pc to another machine, and in wireshark it looks perfect
> >>> without error, yet I always get "request time out".
> >>> I tried a larger timeout (-w parameter), and ping from different
> >>> machine, firewall disable, but I always get request time out in the
> >>> PC.
> >>>
> >>> Thank you for any suggestion,
> >>> Ran
> >>
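As an added example (not part of the thread and not Wireshark's code), the check discussed above can be done offline in Python: recompute the RFC 1071 header checksum and separate a zero field, which on a sender-side capture may only mean the hardware had not filled it in yet, from a nonzero wrong value. The sample header is constructed from the addresses in the thread, and the function and constant names are assumptions.

```python
import struct

# Constructed sample: IPv4 header of an ICMP packet from 192.168.1.100 to
# 192.168.1.110 with the header checksum field (bytes 10-11) left at 0.
REPLY_ZERO = bytes.fromhex("4500 003c 1234 0000 4001 0000 c0a8 0164 c0a8 016e")


def ones_complement_sum(data: bytes) -> int:
    """RFC 1071 16-bit one's-complement sum of data (padded to even length)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:  # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return total


def check_ipv4_header(packet: bytes) -> tuple[str, int, int]:
    """Return (verdict, stored checksum, expected checksum) for an IPv4 packet.

    Verdicts (hypothetical labels for this example):
      "ok"   - stored value matches the recomputed one
      "zero" - field is 0 and wrong: bad on the wire, or not yet filled in
               when captured on the sending host (checksum offload)
      "bad"  - nonzero and wrong
    """
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    ihl = (packet[0] & 0x0F) * 4  # header length in bytes, options included
    if ihl < 20 or len(packet) < ihl:
        raise ValueError("truncated or malformed IPv4 header")
    header = packet[:ihl]
    stored = struct.unpack("!H", header[10:12])[0]
    # Recompute over the header with the checksum field zeroed.
    zeroed = header[:10] + b"\x00\x00" + header[12:]
    expected = ~ones_complement_sum(zeroed) & 0xFFFF
    if stored == expected:
        return "ok", stored, expected
    return ("zero" if stored == 0 else "bad"), stored, expected


if __name__ == "__main__":
    verdict, stored, expected = check_ipv4_header(REPLY_ZERO)
    print(f"{verdict}: stored=0x{stored:04x} expected=0x{expected:04x}")
```

Whether a "zero" verdict is a real fault depends on where the capture was taken, which is the question raised at the top of the thread.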