The "Checksum: 0x90c5 [validation disabled]" issue in Wireshark

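Without further ado, here is the screenshot of the problem:

This is the expanded view of the fifth item in the protocol tree, which came up while I was preparing a PPT on the DNS protocol. One of its lines reads: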

          Header checksum:0x90c5[validation disabled]

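Normally the text in the square brackets should be [correct] rather than [validation disabled], which means that validation is turned off. I looked this up on the Wireshark site and found the issue there; the link is: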

  https://ask.wireshark.org/questions/2253/tcp-checksum-validation-disabled

This is the question that was asked:

Is there any reason why the TCP checksum validation would be disabled. I believe I spotted a host communicating to a CnC server then being redirected to another potential drive by download site.

The TCP validation disabled checksum is for incoming traffic from the potential CnC server.

Thanks

This is one of the more highly voted answers:

Yes. The reason is that Wireshark is very often used to capture the network frames of the same PC that is running Wireshark. This usually results in the checksums of outgoing frames being incorrect since they are only calculated for transmission by the network card after they were already recorded by Wireshark. To avoid constant "checksum error" messages it was decided to have the checksum validation disabled by default.

It may sound stupid to disable checksum validation since we want to find damaged packets with Wireshark when tracking down errors. But the fact is that frames with damaged checksums won't survive much longer anyway since every switch or router will probably drop them for being defective - and still, if the frame makes it to your network card it will still drop it before Wireshark even sees it. This is the reason why some commercial sniffers have specialized NIC drivers for certain cards that will allow capturing damaged frames with them.

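The gist is:

  TCP and UDP checksums are sometimes computed by the network card, so the checksums of locally sent TCP/UDP packets captured by Wireshark are all wrong, and validating them is pointless. That is why Wireshark does not validate TCP and UDP checksums automatically.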
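The effect described above can be reproduced on the IPv4 header checksum shown in the protocol tree. The following is an added example, not code from the original post or from Wireshark: it computes the RFC 1071 checksum over a constructed 20-byte header and returns a status line that imitates Wireshark's wording. The function names, the exact status strings and both sample headers are assumptions made for illustration.

```python
import struct

def internet_checksum(data: bytes) -> int:
    """RFC 1071: one's-complement sum of 16-bit words, then complemented."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:                      # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def check_ipv4_header(packet: bytes, validate: bool = False) -> str:
    """Return a Wireshark-style status for the IPv4 header checksum."""
    if not packet:
        raise ValueError("empty packet")
    ihl = (packet[0] & 0x0F) * 4            # header length in bytes
    if packet[0] >> 4 != 4 or ihl < 20 or len(packet) < ihl:
        raise ValueError("not a complete IPv4 header")
    header = packet[:ihl]
    stored = struct.unpack("!H", header[10:12])[0]
    if not validate:                        # default: show the field, do not check it
        return f"0x{stored:04x} [validation disabled]"
    # Recompute with the checksum field zeroed, as the sender would.
    expected = internet_checksum(header[:10] + b"\x00\x00" + header[12:])
    if stored == expected:
        return f"0x{stored:04x} [correct]"
    return f"0x{stored:04x} [incorrect, should be 0x{expected:04x}]"

# Constructed sample: a UDP/IPv4 header as it looks on the wire (checksum filled in).
RECEIVED = bytes.fromhex("4500007300004000" "4011b861" "c0a80001" "c0a800c7")
# Constructed sample: the same header captured on the sending host before the
# NIC has written the checksum (field still zero because of checksum offload).
SENT_OFFLOADED = RECEIVED[:10] + b"\x00\x00" + RECEIVED[12:]

if __name__ == "__main__":
    for name, pkt in (("received", RECEIVED), ("sent, offloaded", SENT_OFFLOADED)):
        print(f"{name:16} default : {check_ipv4_header(pkt)}")
        print(f"{name:16} enabled : {check_ipv4_header(pkt, validate=True)}")
```

With validation enabled, the locally sent header is reported as incorrect even though the packet leaves the NIC intact, which is the false alarm the default setting avoids.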

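To have the checksum validated: under Edit->Preferences->Protocols, select the relevant protocol, TCP or UDP, and tick the corresponding box. A screenshot of the steps follows: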

That is all on the checksum [validation disabled] issue.

Time: 2024-11-20 12:11:08
