
Checksum validation in intranet vs internet applications

开发者 https://www.devze.com 2023-02-20 15:57 Source: Internet

While looking at messages in Wireshark, I have noted that Checksum validation is always disabled. Is it like an obsolete requirement, or does it apply to internet traffic only which goes outside the firewall of a company network?

Also, can someone please advise how it is set (e.g., whether from an application or network card setting, etc.)?

PS: The question might not be of practical significance. I am asking this to fill the large missing gaps in my poor network programming skills. I had heard that checksum validation is a major bottleneck for TCP communication, but am surprised that it is disabled for all messages that I have seen.


This question is answered in the Wireshark FAQ.

The upshot is that checksums are generally calculated by network cards, and Wireshark often intercepts packets before they hit the hardware that does the actual calculation. Enabling validation for those packets results in a large number of errors, so they disabled validation by default. More info is available via the link.

Edit: just to address fruit's comment below, I screenshotted a couple of TCP packets for comparison. The first one is a TCP packet without validation:

[Image: Checksum validation in intranet vs internet applications]

You can see that there is a non-zero checksum there, so it might appear that Wireshark (or some other pre-hardware app) has done the checksum for you. However, when we turn validation on for this same packet...

[Image: Checksum validation in intranet vs internet applications]

Now we can see that this checksum wasn't valid in the first place. I can't find a source for this info, but I think it's strong evidence that Wireshark is not populating that field for us; doing so would go against Wireshark's nature anyway. Instead, I expect that this is just an uninitialized field in the packet - it takes more work to set a field to zero than to omit setting it at all.

It's also worth noting that as time goes on, more and more network stacks will be offloading checksumming to the hardware, so there will be fewer and fewer cases of valid checksums coming from the local machine.

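The check that runs when TCP checksum validation is turned on, as an added example that is not part of the original answer and is not Wireshark's code: it recomputes the RFC 1071 checksum over the IPv4 pseudo-header and the segment, then compares it with the stored field. The addresses, ports, payload and the 0x1234 stand-in value are constructed for illustration.

```python
import socket
import struct

def ones_complement_sum(data: bytes) -> int:
    """RFC 1071 16-bit one's-complement sum, folded but not inverted."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total

def pseudo_header(src: str, dst: str, tcp_len: int) -> bytes:
    """IPv4 pseudo-header: source, destination, zero, protocol 6, TCP length."""
    return (socket.inet_aton(src) + socket.inet_aton(dst)
            + struct.pack("!BBH", 0, 6, tcp_len))

def tcp_checksum(src: str, dst: str, segment: bytes) -> int:
    """Value that belongs in bytes 16-17 of the TCP header."""
    zeroed = segment[:16] + b"\x00\x00" + segment[18:]
    total = ones_complement_sum(pseudo_header(src, dst, len(zeroed)) + zeroed)
    return ~total & 0xFFFF

def validate(src: str, dst: str, segment: bytes) -> bool:
    """Compare the stored checksum field with a recomputed one."""
    (stored,) = struct.unpack("!H", segment[16:18])
    return stored == tcp_checksum(src, dst, segment)

def build_segment(checksum_field: int, payload: bytes) -> bytes:
    """Constructed 20-byte TCP header (ports 49152 -> 80, PSH|ACK) plus payload."""
    header = struct.pack("!HHIIBBHHH", 49152, 80, 1, 0, 5 << 4, 0x18,
                         65535, checksum_field, 0)
    return header + payload

# Constructed sample data (documentation addresses, made-up payload).
SRC, DST = "192.0.2.10", "198.51.100.20"
PAYLOAD = b"GET / HTTP/1.1\r\n\r\n"
# Outgoing segment as captured on the sender, before the hardware has
# computed the checksum; 0x1234 is a constructed stand-in for the field.
AS_CAPTURED = build_segment(0x1234, PAYLOAD)
# Same segment with the checksum filled in, as a receiver would see it.
ON_WIRE = build_segment(tcp_checksum(SRC, DST, AS_CAPTURED), PAYLOAD)

if __name__ == "__main__":
    for name, seg in (("captured on sender", AS_CAPTURED), ("on the wire", ON_WIRE)):
        (field,) = struct.unpack("!H", seg[16:18])
        ok = "valid" if validate(SRC, DST, seg) else "INVALID"
        print(f"{name:19} checksum=0x{field:04x} -> {ok}")
```

A receiver can equivalently sum the pseudo-header and the whole segment with the checksum left in place; a correct segment folds to 0xFFFF.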