linux - how is TCP's checksum calculated when we use tcpdump to capture packets which we send out -

-

I am trying to prepare a series of packets to simulate the TCP 3-way handshake process, my The first step is to get real connecting packets, and send the same packet from the same machine again, but it does not work in advance.

In the end, I came to know that the packet I bought with the taxipamp is not at all, my computer was sent, the checksum field of TCP has changed and it inspires me to think that I have a TCP connection I can install TCP checksum is also wrong.

So my question is how checksum fields are calculated? Is it modified by TCPDump or hardware? Why has this changed? Is this a bug of TCPDump? Or is it because the calculation has been omitted.

The following is a screenshot taken from my host machine and a virtual machine, you can see that the same packet captured on the defiant machine is all the same except the TCP Checksum.

And the small window is my virtual machine, I have used the command "ssh 10.82.25.138" to create these packets from the host

Enter image details here

< P> What you see can be the result of checksum offloading. To quote from the Wirehark wiki:

Most modern operating systems support some form of network offloading, where there is a network network on the NIC instead of the CPU. Generally this is a big thing, it can free resources on the rest of the system and allow it to manage more connections. If you are trying to catch traffic, then the result may be in false errors and may be strange or even lose traffic.

Checksum offloading support on the system Does, IP, TCP, and UDP checksums are calculated on NIC before transmitting on the wire. In Wyrhark they are shown in the form of outgoing packets, which are black colored marks with red text and notes [wrong, xxxx (maybe "due to TCP checksum offload"?)].

The virus captures the packet before the shark is sent, the network adapter will not show this correct checksum because it has not yet been calculated. Even worse, most of the OSs do not bother starting this data, so you're probably looking at a little bit of memory that you do not want.

Although it is for Wirehark, the same principle applies. In your host machine, you see wrong checksum because it is not yet filled. It looks fine on the guest, because it is filled with before being sent to "wire". Try disabling checksum offloading on the interface that controls this traffic, such as: 

  Eth08 eth0 rx off tx off   
 If it is eth0 is.

Comments

Post a Comment

Popular posts from this blog

excel vba - How to delete Solver(SOLVER.XLAM) code -

-
After opening several examples of macro / code written, I suddenly get stuck with a code that seems safe. Solver (SOLVER.XLAM) is doing this notation and I would like to remove it from my system. I do not think this is a relativant code. Can anyone tell me what should I do? I have already installed something to remove the password but Solver is still asking for password and I can not get rid of it! itemprop = "text"> Solver Excel is add-in If you want to delete it, then Excel Application & gt; Options & gt; Add-ins & gt; Search for 'Go to' button and gt; Uncheck the solver on the list like press something (I can not give you the exact path because I have the Polish version of Excel). Trying to open Solver's VBA code is not good because it There is allegedly copyright. Besides, I do not think Solver creates any disadvantages while working with Excel or VBA.
Read more

github - Teamcity & Git - PR merge builds - anyway to get HEAD commit hash? -

-
I have a team city build project with Gitbab VCS route, I have been triggered for both / head on PR and / Merge the referee. The annoying thing is that you can not do anything useful with the merged hash - it is not present in Gitobb. I want to exclude newsgate packages with head in gutub comet situations in the version number along with Hewash (Newsaging 7) for the music build, but against head hash. However, I can not see a way to get the head hashes while constructing that merge. I just want to head because it's useless - we only care about merge. (PR - Pull Request) This command works reliably while running One on / merge is git log --no-merge -1 ---- = '% h'
Read more

ios - Replace text in UITextView run slowly -

-
I have a UITextView and I change a word like the code at the end of UITextView.text: - (void) Replace TexttechWitWord: (NSString *) word {NSString * currentTextViewText = self.textView.text; CurrentTextViewText = [currentTextViewText stringByReplacingCharactersInRange: NSMakeRange ([self.textView.text length] - [word length], [word length]) withString: word; Self.textView.text = currentTextViewText; } Replacement work is fine, but it runs very slowly and very slowly when the textView now lengthens Is there any better way? I try the replacement range: with text for a week but still stuck. Not to know how to use it to replace it in your case. Please guide! Thanks in advance! This is an important job. As you are using an irreversible string and you are creating a very long string and before Assigned to NSString created from. NSString will be used instead of NSMutableString . - (UITableViewCell *) TableView: (UITableView *) Table View CellForOutPath: (NSIndex...
Read more