Home > other >  Caught found abnormal part of the TCP packet how to return a responsibility?
Caught found abnormal part of the TCP packet how to return a responsibility?

Time:09-18

With wireshark caught under the win10 found abnormal part of the TCP packets, such as the package: 1, the source MAC address (router), such as the router LAN port MAC is 123456, but the display is 654321, only part of this is 2, TCP checksum error, but the application layer showed no abnormalities, simple observation after that to get rid of the last two bytes 0 is normal, is exactly what happened? Should not be the problem of network card, have a check and the normal TCP packets, the network connection is normal,

CodePudding user response:

May be the cable aging or loose

CodePudding user response:

Here the checksum has three, one is the nic itself can help you calculate the checksum, protocol stack is a calculates, another is wireshark to calculate, if it is to the network card, the packet is only added checksum before nic to outgoing, but wireshark, scratching the package is in the card before sending, so that the bag of the checksum and wireshark is certainly not consistent, the network is normal, but caught found TCP checksum wrong package must be the machine sent out the package, because TCP is mandatory checksum, so foreign TCP packet checksum error, wireshark can hold to, but will be dropped by the protocol stack,

CodePudding user response:

refer to the second floor kinkon007 response:
here check and there are three, one is the nic itself can help you calculate the checksum, protocol stack is a calculates, another is wireshark to calculate, if it is to the network card, the packet is only added checksum before nic to outgoing, but wireshark, scratching the package is in the card before sending, so that the bag of the checksum and wireshark is certainly not consistent, the network is normal, but caught found TCP checksum wrong package must be the machine sent out the package, because TCP is mandatory checksum, so foreign TCP packet checksum error, wireshark can hold to, but will be dropped by the protocol stack,

Still don't understand, you will see this kind of situation, I use the command line to a web site launched a Telnet connection, caught discovered the site response of the SYN and ACK packet, the results of the checksum of the packet is wrong, but below is followed by the native response of an ACK packet, prove the package that's right, I later discovered, if not when the calibration data is part of the TCP packets, namely only check false head and head, check the result is correct, namely 0 XFFFF

CodePudding user response:

reference lost 3 floor space and time response:
Quote: refer to the second floor kinkon007 response:
here check and there are three, one is the nic itself can help you calculate the checksum, protocol stack is a calculates, another is wireshark to calculate, if it is to the network card, the packet is only added checksum before nic to outgoing, but wireshark, scratching the package is in the card before sending, so that the bag of the checksum and wireshark is certainly not consistent, the network is normal, but caught found TCP checksum wrong package must be the machine sent out the package, because TCP is mandatory checksum, so foreign TCP packet checksum error, wireshark can hold to, but will be dropped by the protocol stack,

Still don't understand, you will see this kind of situation, I use the command line to a web site launched a Telnet connection, caught discovered the site response of the SYN and ACK packet, the results of the checksum of the packet is wrong, but below is followed by the native response of an ACK packet, prove the package that's right, I later discovered, if not when the calibration data is part of the TCP packets, namely only check false head and head, check the result is correct, namely 0 XFFFF

Check the network card of the two attributes, Rx Checksum Offload/Tx Checksum Offload, turn off the try again have a Checksum error,

CodePudding user response:

Found the reason, but still a bit of a problem, as is my router is not big, I in the mobile hotspot, schools under the WIFI and respectively on the same site under my router perform Telnet command, under my router grasp websites/SYN and ACK packet, it found that more than two bytes of data, wireshark show for VSS - monitoring Ethernet trailer, remove the two byte data validation and by the way, could you tell me what is this? TCP/IP protocol stack is in check automatically remove these two bytes of data?

Page link:https//www.codepudding.com/other/9658.html

Prev:A computer search less than WiFi how to solve
Next:The matters in the software to open it
  • Related

About Us:  Contact Us      Terms of Service       Privacy Policy

Copyright © 2010-2023,Powered By CodePudding