From: grahn+nntp@snipabacken.se   
      
   On Wed, 2013-03-13, Barry Margolin wrote:   
   > In article ,   
   >  Josef Moellers  wrote:   
   >   
   >> On 03/13/2013 01:46 PM, Jorgen Grahn wrote:   
   >> > On Tue, 2013-03-12, Josef Moellers wrote:   
   >> > ...   
   >> >> I've found it myself: The TCP header checksum must include parts of the   
   >> >> IP Header! Thus, my checksum was bad and the TCP layer discarded the RST   
   >> >> packet.   
   >> >   
   >> > 'tcpdump -v' would have told you this, at least on the side receiving   
   >> > the RST.  That side would also have recorded a bad checksum discard in   
   >> > 'netstat -s'.   
   >>   
   >> I used wireshark, but it only said:   
   >>   
   >>     Checksum: 0xf89a [validation disabled]   
   >>         [Good Checksum: False]   
   >>         [Bad Checksum: False]   
      
   That's most likely a setting in Wireshark. Look under the preferences   
   for IPv4, IPv6, TCP and UDP.  You might also want to disable the IPv4   
   "I will reassemble the fragments for you and pretend there was no   
   fragmentation" option.   
      
   > Wireshark is just a graphical version of tcpdump. I think they both   
   > disable validating checksums if your system offloads it to the NIC.   
      
   Or display an incorrect one. But that's why I specified "at least on   
   the side receiving".  No NIC that I'm aware of messes up the checksums   
   on Rx traffic, but it's common for Tx checksums to be created in   
   hardware, long after tcpdump got its preliminary copy of the frame.   
      
   /Jorgen   
      
   --   
     // Jorgen Grahn    O  o   .   
      
   --- SoupGate-Win32 v1.05   
    * Origin: you cannot sedate... all the things you hate (1:229/2)