Hi, I did some research to tcp-checksum 0xffff. This checksum should not appear in tcp-headers. RFC 1624 explains that it can be generated by a (not-so-good) algorythm for incremental updates to the tcp-checksum (after NAT for example). The RFC advises systems to validate the checksum according to RFC 1071 (which will treat the checksum as valid). Wireshark indeeds uses the method from RFC 1071.
However, some systems just calculate the checksum and then compare it to the checksum in the packet. This results is a bad checksum (0x0000 != 0xffff) and the packet will be dropped. To enhance troubleshooting this situations I wrote a patch that displayes the checksum as follows: Checksum: 0xffff [incorrect, should be 0x0000 (maybe caused by "Incremental update"? See RFC 1624.)] Could someone review this patch (which is attached to bugzilla)? Cheers, Sake _______________________________________________ Wireshark-dev mailing list Wireshark-dev@wireshark.org http://www.wireshark.org/mailman/listinfo/wireshark-dev
