TCP Header Checksums Shown as Invalid in Network Monitor (243294)
The information in this article applies to:
- Microsoft Windows XP Professional
- Microsoft Windows XP Home Edition
- Microsoft Windows 2000 Server
- Microsoft Windows 2000 Advanced Server
- Microsoft Windows 2000 Professional
- Microsoft Windows 2000 Datacenter Server
- Microsoft Windows NT Server 4.0
- Microsoft Windows NT Workstation 4.0
This article was previously published under Q243294 SYMPTOMS
When you view a capture created in the Network Monitor tool, the checksum for the TCP header may show as being corrupted.
CAUSE
This behavior occurs because some Network Driver Interface Specification (NDIS) drivers allow Windows to offload the computation of checksums to the network adapter itself.
This feature was added to remove the computationally expensive checksum calculation operation from the main CPU, which generally results in improved performance. Network Monitor installs its filter driver between the NDIS driver for the network adapter and the TCP/IP stack. This results in captures of packets that are sent from the TCP/IP stack to the network driver being shown as having invalid checksums because they have not been calculated yet. The packet checksum is calculated before being sent to the network, which is why communication continues. The other computer has no knowledge of how or where the checksum is performed, only that the value is correct.
MORE INFORMATION
It is generally not a good idea to capture from one of the computers involved in the communication stream. Because this affects only the data from the specific computer, this should not adversely affect a capture.
| Modification Type: | Major | Last Reviewed: | 9/24/2003 |
|---|
| Keywords: | kbnetwork kbprb KB243294 |
|---|
|