Wireshark - 1.0 Betriebsanweisung
7.8.2. Checksum offloading
The checksum calculation might be done by the network driver, protocol driver or even in hardware.
For example: The Ethernet transmitting hardware calculates the Ethernet CRC32 checksum and the
receiving hardware validates this checksum. If the received checksum is wrong Wireshark won't
even see the packet, as the Ethernet hardware internally throws away the packet.
receiving hardware validates this checksum. If the received checksum is wrong Wireshark won't
even see the packet, as the Ethernet hardware internally throws away the packet.
Higher level checksums are "traditionally" calculated by the protocol implementation and the com-
pleted packet is then handed over to the hardware.
pleted packet is then handed over to the hardware.
Recent network hardware can perform advanced features such as IP checksum calculation, also
known as checksum offloading. The network driver won't calculate the checksum itself but will
simply hand over an empty (zero or garbage filled) checksum field to the hardware.
known as checksum offloading. The network driver won't calculate the checksum itself but will
simply hand over an empty (zero or garbage filled) checksum field to the hardware.
Note!
Checksum offloading often causes confusion as the network packets to be transmitted
are handed over to Wireshark before the checksums are actually calculated. Wireshark
gets these "empty" checksums and displays them as invalid, even though the packets
will contain valid checksums when they leave the network hardware later.
are handed over to Wireshark before the checksums are actually calculated. Wireshark
gets these "empty" checksums and displays them as invalid, even though the packets
will contain valid checksums when they leave the network hardware later.
Checksum offloading can be confusing and having a lot of [invalid] messages on the screen can be
quite annoying. As mentioned above, invalid checksums may lead to unreassembled packets, mak-
ing the analysis of the packet data much harder.
quite annoying. As mentioned above, invalid checksums may lead to unreassembled packets, mak-
ing the analysis of the packet data much harder.
You can do two things to avoid this checksum offloading problem:
•
Turn off the checksum offloading in the network driver, if this option is available.
•
Turn off checksum validation of the specific protocol in the Wireshark preferences.
Advanced Topics
146