Wireshark · Wireshark-users: Re: [Wireshark-users] TCP checksum off-by-one errors?

Wireshark-users: Re: [Wireshark-users] TCP checksum off-by-one errors?

From: "Matthias Pigulla" <mp@xxxxxxxxxxxxx>

Date: Thu, 5 Mar 2009 17:24:39 +0100

Hi all,

we noticed that all the packets that come in with the wrong checksum
have a size of 1420 bytes. A MSS of 1380 is exchanged during the TCP
handshake.

This was due to a setting on the CISCO firewall called "force maximum
segment size for TCP proxy connections" with a value of 1380.

We disabled this and that seems to fix the problem as now the MSS is
1460. 

What we still don't understand is the connection between setting the MSS
to a value lower than necessary and getting checksum errors on returning
packets. The same symptoms (wrong checksums with 1420 byte packets) are
mentioned here:
http://archives.neohapsis.com/archives/postfix/2006-09/0317.html
http://archives.neohapsis.com/archives/postfix/2006-09/0340.html

Explanations welcome :)

Matthias

References:
- Re: [Wireshark-users] TCP checksum off-by-one errors?
  - From: netztier@xxxxxxxxxx
- Re: [Wireshark-users] TCP checksum off-by-one errors?
  - From: Matthias Pigulla

Prev by Date: [Wireshark-users] Fwd: Wireshark file format
Next by Date: Re: [Wireshark-users] Wireshark file format
Previous by thread: Re: [Wireshark-users] TCP checksum off-by-one errors?
Next by thread: [Wireshark-users] Reading multiple files in tcpdump
Index(es):
- Date
- Thread