Lots (but not all) of TCP CHECKSUM INCORRECT on Windows

asked 2025-03-28 01:47:05 +0000

mjs gravatar image

I'm using a Windows PC as a TCP client to debug a TCP server. The server could be problematic even in the TCP checksum calculation. Wireshark on the PC does the traffic capture.

In the Wireshark capture, 192.168.1.9 is the TCP server, and 192.168.1.20 is the Windows PC as a TCP client. Lots of TCP segments sent by the TCP client are marked as TCP CHECKSUM INCORRECT (can be shown by tcp.checksum_bad.expert). I've read https://wiki.wireshark.org/TCP_Checksum_Verification and learned of offloading. I don't think the TCP CHECKSUM INCORRECT is caused by offloading because there are also lots of TCP segments that are marked as Checksum: 0xXXXX [correct] (matches paritial checksum ...), which is more likely the result of offloading. I don't think Windows' TCP stack is problematic since the PC browser works fine. Why are there so many TCP CHECKSUM INCORRECT from PC? Thanks very much!

capture file

edit retag flag offensive close merge delete

Comments

Can you make a capture on the server?
The packets marked with bad checksum all have a length of 2102 which means they are split (and checksum calculated) before they go on the wire.

Chuckc gravatar imageChuckc ( 2025-03-28 03:05:06 +0000 )edit

Sorry I can't. The server is an embedded device.

mjs gravatar imagemjs ( 2025-03-28 04:38:21 +0000 )edit

Can you capture on the wire, rather than the PC? Then you really see what these packets look like.

Jaap gravatar imageJaap ( 2025-03-28 06:29:37 +0000 )edit

Windows PC as a TCP client
Can you adjust the client to send smaller data chunks? (currently 2048)

Chuckc gravatar imageChuckc ( 2025-03-28 13:25:28 +0000 )edit

Another option is to temporary disable TCP checksum offload and LSO offload in the NIC driver via: Device Manager / Network / Ethernet Controller properties / Advanced tab.

André gravatar imageAndré ( 2025-03-28 19:20:37 +0000 )edit