The "Checksum: 0x90c5 [validation disabled]" Problem in Wireshark



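Without further ado, here is the screenshot of the problem:

This is the expanded fifth item of the protocol tree, which came up while I was preparing a PPT about the DNS protocol. One of its lines reads: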

          Header checksum:0x90c5[validation disabled]

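Normally the square brackets should contain [correct] rather than [validation disabled], which means that validation is turned off. I looked this up on the official Wireshark site and found the same question; the link is: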

  https://ask.wireshark.org/questions/2253/tcp-checksum-validation-disabled

This is the question that was asked:

Is there any reason why the TCP checksum validation would be disabled? I believe I spotted a host communicating to a CnC server then being redirected to another potential drive-by download site.

The TCP validation disabled checksum is for incoming traffic from the potential CnC server.

Thanks

This is one of the more highly voted answers:

Yes. The reason is that Wireshark is very often used to capture the network frames of the same PC that is running Wireshark. This usually results in the checksums of outgoing frames being incorrect since they are only calculated for transmission by the network card after they were already recorded by Wireshark. To avoid constant "checksum error" messages it was decided to have the checksum validation disabled by default.

It may sound stupid to disable checksum validation since we want to find damaged packets with Wireshark when tracking down errors. But the fact is that frames with damaged checksums won't survive much longer anyway since every switch or router will probably drop them for being defective - and still, if the frame makes it to your network card it will still drop it before Wireshark even sees it. This is the reason why some commercial sniffers have specialized NIC drivers for certain cards that will allow capturing damaged frames with them.

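Roughly, this means:

  The TCP and UDP checksums are sometimes computed by the network card, so the checksums of the TCP/UDP packets that Wireshark captures as they are sent from the local machine are all wrong, and validating them is pointless. That is why Wireshark does not validate TCP and UDP checksums automatically.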
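The check that Wireshark skips here can be reproduced by hand. The following is an added example, not code from the original post or from Wireshark: it validates an IPv4 header checksum (the "Header checksum" field) with the RFC 1071 algorithm, which TCP and UDP also use over a pseudo-header plus segment. The sample header is constructed, and modelling a frame captured before checksum offload as having a zeroed checksum field is an assumption; the `describe` output format is illustrative only.

```python
import struct

def internet_checksum(data: bytes) -> int:
    """RFC 1071: one's-complement sum of 16-bit words, then complemented."""
    if len(data) % 2:
        data += b"\x00"                      # pad odd-length input
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:                       # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def check_ipv4_header(packet: bytes):
    """Return (stored, computed, ok) for the IPv4 header at the start of packet."""
    ihl = (packet[0] & 0x0F) * 4             # header length in bytes
    if packet[0] >> 4 != 4 or ihl < 20 or len(packet) < ihl:
        raise ValueError("not a complete IPv4 header")
    header = packet[:ihl]
    stored = struct.unpack("!H", header[10:12])[0]
    # The checksum is computed with its own field set to zero.
    computed = internet_checksum(header[:10] + b"\x00\x00" + header[12:])
    return stored, computed, stored == computed

def describe(packet: bytes) -> str:
    """Illustrative status line; not Wireshark's exact wording."""
    stored, computed, ok = check_ipv4_header(packet)
    status = "correct" if ok else f"incorrect, should be 0x{computed:04x}"
    return f"Header checksum: 0x{stored:04x} [{status}]"

# Constructed sample: UDP datagram header, 192.168.0.1 -> 192.168.0.199.
ON_WIRE = bytes.fromhex("4500 0073 0000 4000 4011 b861 c0a8 0001 c0a8 00c7")
# Assumption: the same frame captured on the sending host before the NIC
# filled in the checksum, modelled here as a zeroed checksum field.
BEFORE_OFFLOAD = ON_WIRE[:10] + b"\x00\x00" + ON_WIRE[12:]

if __name__ == "__main__":
    print(describe(ON_WIRE))
    print(describe(BEFORE_OFFLOAD))
```

A receiver can also sum the header with the checksum field left in place: a valid header then yields 0 from `internet_checksum`.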

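To have the checksums validated, go to Edit -> Preferences -> Protocols, select the TCP or UDP protocol, and tick the corresponding checkbox. The screenshot of the steps is as follows:

That is all for the checksum "validation disabled" problem.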

