Wireshark - 1.0 Betriebsanweisung
7.8. Checksums
Several network protocols use checksums to ensure data integrity.
Tip!
Applying checksums as described here is also known as redundancy checking.
What are checksums for?
Checksums are used to ensure the integrity of data portions for data transmission or storage.
A checksum is basically a calculated summary of such a data portion.
A checksum is basically a calculated summary of such a data portion.
Network data transmissions often produce errors, such as toggled, missing or duplicated bits.
As a result, the data received might not be identical to the data transmitted, which is obvi-
ously a bad thing.
As a result, the data received might not be identical to the data transmitted, which is obvi-
ously a bad thing.
Because of these transmission errors, network protocols very often use checksums to detect
such errors. The transmitter will calculate a checksum of the data and transmits the data to-
gether with the checksum. The receiver will calculate the checksum of the received data with
the same algorithm as the transmitter. If the received and calculated checksums don't match a
transmission error has occurred.
such errors. The transmitter will calculate a checksum of the data and transmits the data to-
gether with the checksum. The receiver will calculate the checksum of the received data with
the same algorithm as the transmitter. If the received and calculated checksums don't match a
transmission error has occurred.
Some checksum algorithms are able to recover (simple) errors by calculating where the ex-
pected error must be and repairing it.
pected error must be and repairing it.
If there are errors that cannot be recovered, the receiving side throws away the packet. De-
pending on the network protocol, this data loss is simply ignored or the sending side needs to
detect this loss somehow and retransmits the required packet(s).
pending on the network protocol, this data loss is simply ignored or the sending side needs to
detect this loss somehow and retransmits the required packet(s).
Using a checksum drastically reduces the number of undetected transmission errors.
However, the usual checksum algorithms cannot guarantee an error detection of 100%, so a
very small number of transmission errors may remain undetected.
However, the usual checksum algorithms cannot guarantee an error detection of 100%, so a
very small number of transmission errors may remain undetected.
There are several different kinds of checksum algorithms; an example of an often used check-
sum algorithm is CRC32. The checksum algorithm actually chosen for a specific network
protocol will depend on the expected error rate of the network medium, the importance of er-
ror detection, the processor load to perform the calculation, the performance needed and
many other things.
sum algorithm is CRC32. The checksum algorithm actually chosen for a specific network
protocol will depend on the expected error rate of the network medium, the importance of er-
ror detection, the processor load to perform the calculation, the performance needed and
many other things.
Further information about checksums can be found at:
http:/ / en.wikipedia.org/ wiki/
Checksum
.
7.8.1. Wireshark checksum validation
Wireshark will validate the checksums of several protocols, e.g.: IP, TCP, UDP, ...
It will do the same calculation as a "normal receiver" would do, and shows the checksum fields in
the packet details with a comment, e.g.: [correct], [invalid, must be 0x12345678] or alike.
the packet details with a comment, e.g.: [correct], [invalid, must be 0x12345678] or alike.
Checksum validation can be switched off for various protocols in the Wireshark protocol prefer-
ences, e.g. to (very slightly) increase performance.
ences, e.g. to (very slightly) increase performance.
If the checksum validation is enabled and it detected an invalid checksum, features like packet reas-
sembling won't be processed. This is avoided as incorrect connection data could "confuse" the in-
ternal database.
sembling won't be processed. This is avoided as incorrect connection data could "confuse" the in-
ternal database.
Advanced Topics
145