Mindaugas Bernatavičius asked:
A tcpdump pcap exported and being investigated on another machine with wireshark is showing a lot of invalid TCP checksum messages. This is a known and documented phenomenon when using TCP offload functionality: https://wiki.wireshark.org/TCP_Checksum_Verification
The only thing that is unclear is why the checksum is incorrect?
TCP checksums are calculated over the entire TCP segment with the help of a pseudo header and using the temporary checksum value of all zeros durring the process of checksum calculation (http://www.tcpipguide.com/free/t_TCPChecksumCalculationandtheTCPPseudoHeader-2.htm#Figure_218). The pseaudoheader is then discarded. Where does the difference creep in?
Because, the checksum is being calculated by the NIC, and not by the operating system.
The wiki page you linked to did explain this:
If you capture on a recent Ethernet NIC, you may see many such “checksum errors”. This is due to TCP Checksum offloading often being implemented on those NICs and thus, for packets being transmitted by the machine. The checksum will not be calculated until the packet is sent out by the NIC hardware, long long after your capture tool intercepted the packet from the network stack.
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.