Is the fashion for counting checksums of network packets going away?

1

10101010010001001101001112012-06-14 09:25:21

Computer networks

1010101001000100110100111, 2012-06-14 09:25:21

Once upon a time, I wrote a network analyzer on my knee (in PHP), to which you can “feed” a file with a record of network packets, and at the output get the contents of TCP streams assembled from individual IP packets.
Recently I fed a similar file to my analyzer, and was surprised to find that almost half of the packets were lost (although in the file itself, when viewed with "eyes", the characteristic HTTP headers present inside supposedly lost packets are easily detected).
Having fed the “broken” file to the Network Monitor itself (which wrote this file), I noticed that in all outgoing IP packets, zero is written in the “checksum” field, and BAD-checksum is written for the checksum field of the TCP segment.
That is, it was my own analyzer that dropped the packets, since it honestly checked the checksums.
But, despite the “left” checksums, all network applications (the packages of which I tried to catch) worked fine for themselves.

Has anyone else experienced similar things in their practice?

Reply

Answer the question

In order to leave comments, you need to log in

1 answer(s)

E

ertaquo, 2012-06-14
@1010101001000100110100111

Here is the description of your problem: Ip Header Checksum Error . In short: the problem happens when you intercept local traffic, or when Task Offload is enabled .