tcpdump
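tcpdump reports "cksum incorrect" when capturing on a NIC with checksum offloading enabled
Most modern operating systems support network offloading, where part of the network processing is done by the NIC instead of the CPU. This frees system resources so that more connections can be handled. For packet capture and analysis, however, it can produce some odd results or cause some traffic to be missed.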
Checksum Offloading
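On systems that support checksum offloading, the IP, TCP and UDP checksums can be computed by the NIC just before the packet goes onto the wire. In that case Wireshark flags the packet as an error: [incorrect, should be xxxx (maybe caused by "TCP checksum offload"?)] (tcpdump gives the equivalent message, cksum xxxx incorrect). Capture tools such as Wireshark and tcpdump capture the packet before it is handed to the NIC, so they do not see the correct checksum, because it has not been computed yet (the checksum has been offloaded to the NIC, and at this point the checksum field is filled with 0). This is why the capture tool reports a checksum error.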
[root@bogon ~]# tcpdump -i enahisic2i3 tcp and host 10.10.103.229 -eenv
tcpdump: listening on enahisic2i3, link-type EN10MB (Ethernet), capture size 262144 bytes
13:38:42.292481 48:57:02:64:ea:1e > 44:a1:91:a4:9b:eb, ethertype IPv4 (0x0800), length 81: (tos 0x0, ttl 64, id 58746, offset 0, flags [DF], proto TCP (6), length 67)
    10.10.103.81.58320 > 10.10.103.229.http: Flags [P.], cksum 0xe37f (incorrect -> 0x7afd), seq 3472498899:3472498926, ack 2821728936, win 29200, length 27: HTTP
13:39:40.532473 48:57:02:64:ea:1e > 44:a1:91:a4:9b:eb, ethertype IPv4 (0x0800), length 81: (tos 0x0, ttl 64, id 58747, offset 0, flags [DF], proto TCP (6), length 67)
    10.10.103.81.58320 > 10.10.103.229.http: Flags [P.], cksum 0xe37f (incorrect -> 0x7afd), seq 0:27, ack 1, win 29200, length 27: HTTP
13:41:33.172487 48:57:02:64:ea:1e > 44:a1:91:a4:9b:eb, ethertype IPv4 (0x0800), length 81: (tos 0x0, ttl 64, id 58748, offset 0, flags [DF], proto TCP (6), length 67)
    10.10.103.81.58320 > 10.10.103.229.http: Flags [P.], cksum 0xe37f (incorrect -> 0x7afd), seq 0:27, ack 1, win 29200, length 27: HTTP
13:43:36.052487 48:57:02:64:ea:1e > 44:a1:91:a4:9b:eb, ethertype IPv4 (0x0800), length 81: (tos 0x0, ttl 64, id 58749, offset 0, flags [DF], proto TCP (6), length 67)
    10.10.103.81.58320 > 10.10.103.229.http: Flags [P.], cksum 0xe37f (incorrect -> 0x7afd), seq 0:27, ack 1, win 29200, length 27: HTTP
13:45:38.932495 48:57:02:64:ea:1e > 44:a1:91:a4:9b:eb, ethertype IPv4 (0x0800), length 81: (tos 0x0, ttl 64, id 58750, offset 0, flags [DF], proto TCP (6), length 67)
    10.10.103.81.58320 > 10.10.103.229.http: Flags [P.], cksum 0xe37f (incorrect -> 0x7afd), seq 0:27, ack 1, win 29200, length 27: HTTP
[root@bogon ~]# ethtool --show-offload enahisic2i3 | grep checksum
rx-checksumming: on
tx-checksumming: on
    tx-checksum-ipv4: on
    tx-checksum-ip-generic: off [fixed]
    tx-checksum-ipv6: on
    tx-checksum-fcoe-crc: off [fixed]
    tx-checksum-sctp: off [fixed]
[root@bogon ~]#
[root@bogon ~]# ethtool --offload enahisic2i3 rx off tx off
Actual changes:
rx-checksumming: off
tx-checksumming: off
    tx-checksum-ipv4: off
    tx-checksum-ipv6: off
tcp-segmentation-offload: off
    tx-tcp-segmentation: off [requested on]
    tx-tcp6-segmentation: off [requested on]
[root@bogon ~]#
[root@bogon ~]# tcpdump -i enahisic2i3 tcp and host 10.10.103.229 -eenv
tcpdump: listening on enahisic2i3, link-type EN10MB (Ethernet), capture size 262144 bytes
13:50:00.491266 48:57:02:64:ea:1e > 44:a1:91:a4:9b:eb, ethertype IPv4 (0x0800), length 74: (tos 0x0, ttl 64, id 1837, offset 0, flags [DF], proto TCP (6), length 60)
    10.10.103.81.58740 > 10.10.103.229.http: Flags [S], cksum 0xaa31 (correct), seq 3170362118, win 29200, options [mss 1460,sackOK,TS val 2467508125 ecr 0,nop,wscale 7], length 0
13:50:00.491345 44:a1:91:a4:9b:eb > 48:57:02:64:ea:1e, ethertype IPv4 (0x0800), length 60: (tos 0x0, ttl 64, id 1837, offset 0, flags [DF], proto TCP (6), length 40)
    10.10.103.229.http > 10.10.103.81.58740: Flags [S.], cksum 0x5dda (correct), seq 2821705385, ack 3170362119, win 29200, length 0
13:50:00.491385 48:57:02:64:ea:1e > 44:a1:91:a4:9b:eb, ethertype IPv4 (0x0800), length 54: (tos 0x0, ttl 64, id 1838, offset 0, flags [DF], proto TCP (6), length 40)
    10.10.103.81.58740 > 10.10.103.229.http: Flags [.], cksum 0x5ddb (correct), ack 1, win 29200, length 0
13:50:00.491497 48:57:02:64:ea:1e > 44:a1:91:a4:9b:eb, ethertype IPv4 (0x0800), length 81: (tos 0x0, ttl 64, id 1839, offset 0, flags [DF], proto TCP (6), length 67)
    10.10.103.81.58740 > 10.10.103.229.http: Flags [P.], cksum 0x2526 (correct), seq 1:28, ack 1, win 29200, length 27: HTTP
13:50:00.702452 48:57:02:64:ea:1e > 44:a1:91:a4:9b:eb, ethertype IPv4 (0x0800), length 81: (tos 0x0, ttl 64, id 1840, offset 0, flags [DF], proto TCP (6), length 67)
    10.10.103.81.58740 > 10.10.103.229.http: Flags [P.], cksum 0x2526 (correct), seq 1:28, ack 1, win 29200, length 27: HTTP
13:50:01.132447 48:57:02:64:ea:1e > 44:a1:91:a4:9b:eb, ethertype IPv4 (0x0800), length 81: (tos 0x0, ttl 64, id 1841, offset 0, flags [DF], proto TCP (6), length 67)
    10.10.103.81.58740 > 10.10.103.229.http: Flags [P.], cksum 0x2526 (correct), seq 1:28, ack 1, win 29200, length 27: HTTP
13:50:02.052451 48:57:02:64:ea:1e > 44:a1:91:a4:9b:eb, ethertype IPv4 (0x0800), length 81: (tos 0x0, ttl 64, id 1842, offset 0, flags [DF], proto TCP (6), length 67)
    10.10.103.81.58740 > 10.10.103.229.http: Flags [P.], cksum 0x2526 (correct), seq 1:28, ack 1, win 29200, length 27: HTTP
13:50:03.812450 48:57:02:64:ea:1e > 44:a1:91:a4:9b:eb, ethertype IPv4 (0x0800), length 81: (tos 0x0, ttl 64, id 1843, offset 0, flags [DF], proto TCP (6), length 67)
    10.10.103.81.58740 > 10.10.103.229.http: Flags [P.], cksum 0x2526 (correct), seq 1:28, ack 1, win 29200, length 27: HTTP
13:50:07.252454 48:57:02:64:ea:1e > 44:a1:91:a4:9b:eb, ethertype IPv4 (0x0800), length 81: (tos 0x0, ttl 64, id 1844, offset 0, flags [DF], proto TCP (6), length 67)
    10.10.103.81.58740 > 10.10.103.229.http: Flags [P.], cksum 0x2526 (correct), seq 1:28, ack 1, win 29200, length 27: HTTP
[root@bogon ~]# ethtool --offload enahisic2i3 rx on tx on
Actual changes:
rx-checksumming: on
tx-checksumming: on
    tx-checksum-ipv4: on
    tx-checksum-ipv6: on
tcp-segmentation-offload: on
    tx-tcp-segmentation: on
    tx-tcp6-segmentation: on
[root@bogon ~]# tcpdump -i enahisic2i3 tcp and host 10.10.103.229 -eenv
tcpdump: listening on enahisic2i3, link-type EN10MB (Ethernet), capture size 262144 bytes
13:50:58.966457 48:57:02:64:ea:1e > 44:a1:91:a4:9b:eb, ethertype IPv4 (0x0800), length 74: (tos 0x0, ttl 64, id 22335, offset 0, flags [DF], proto TCP (6), length 60)
    10.10.103.81.58770 > 10.10.103.229.http: Flags [S], cksum 0xe378 (incorrect -> 0xb938), seq 3320892, win 29200, options [mss 1460,sackOK,TS val 2467566599 ecr 0,nop,wscale 7], length 0
13:50:58.966538 44:a1:91:a4:9b:eb > 48:57:02:64:ea:1e, ethertype IPv4 (0x0800), length 60: (tos 0x0, ttl 64, id 22335, offset 0, flags [DF], proto TCP (6), length 40)
    10.10.103.229.http > 10.10.103.81.58770: Flags [S.], cksum 0x334c (correct), seq 2821713065, ack 3320893, win 29200, length 0
13:50:58.966559 48:57:02:64:ea:1e > 44:a1:91:a4:9b:eb, ethertype IPv4 (0x0800), length 54: (tos 0x0, ttl 64, id 22336, offset 0, flags [DF], proto TCP (6), length 40)
    10.10.103.81.58770 > 10.10.103.229.http: Flags [.], cksum 0xe364 (incorrect -> 0x334d), ack 1, win 29200, length 0
13:50:58.966609 48:57:02:64:ea:1e > 44:a1:91:a4:9b:eb, ethertype IPv4 (0x0800), length 81: (tos 0x0, ttl 64, id 22337, offset 0, flags [DF], proto TCP (6), length 67)
    10.10.103.81.58770 > 10.10.103.229.http: Flags [P.], cksum 0xe37f (incorrect -> 0xfa97), seq 1:28, ack 1, win 29200, length 27: HTTP
13:50:59.182449 48:57:02:64:ea:1e > 44:a1:91:a4:9b:eb, ethertype IPv4 (0x0800), length 81: (tos 0x0, ttl 64, id 22338, offset 0, flags [DF], proto TCP (6), length 67)
    10.10.103.81.58770 > 10.10.103.229.http: Flags [P.], cksum 0xe37f (incorrect -> 0xfa97), seq 1:28, ack 1, win 29200, length 27: HTTP
13:50:59.612451 48:57:02:64:ea:1e > 44:a1:91:a4:9b:eb, ethertype IPv4 (0x0800), length 81: (tos 0x0, ttl 64, id 22339, offset 0, flags [DF], proto TCP (6), length 67)
    10.10.103.81.58770 > 10.10.103.229.http: Flags [P.], cksum 0xe37f (incorrect -> 0xfa97), seq 1:28, ack 1, win 29200, length 27: HTTP
13:51:00.532458 48:57:02:64:ea:1e > 44:a1:91:a4:9b:eb, ethertype IPv4 (0x0800), length 81: (tos 0x0, ttl 64, id 22340, offset 0, flags [DF], proto TCP (6), length 67)
    10.10.103.81.58770 > 10.10.103.229.http: Flags [P.], cksum 0xe37f (incorrect -> 0xfa97), seq 1:28, ack 1, win 29200, length 27: HTTP
13:51:02.292467 48:57:02:64:ea:1e > 44:a1:91:a4:9b:eb, ethertype IPv4 (0x0800), length 81: (tos 0x0, ttl 64, id 22341, offset 0, flags [DF], proto TCP (6), length 67)
    10.10.103.81.58770 > 10.10.103.229.http: Flags [P.], cksum 0xe37f (incorrect -> 0xfa97), seq 1:28, ack 1, win 29200, length 27: HTTP
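The values tcpdump marks incorrect in the captures above (0xe378, 0xe364, 0xe37f) each equal the un-inverted TCP pseudo-header sum for that segment, which is what the Linux kernel leaves in the field for the NIC to complete. The following added example (not part of the original page) uses that to separate offload artifacts from genuinely bad checksums in `tcpdump -v` text; the function names, the sample text and the 20-byte IPv4 header are assumptions.

```python
import re
import socket
import struct

# Constructed sample in `tcpdump -nv` layout. Addresses and checksum values of
# the first three records come from the captures above; the fourth is made up
# to represent a checksum that offloading cannot explain.
SAMPLE = """\
13:50:58.966457 IP (tos 0x0, ttl 64, id 22335, offset 0, flags [DF], proto TCP (6), length 60)
    10.10.103.81.58770 > 10.10.103.229.80: Flags [S], cksum 0xe378 (incorrect -> 0xb938), seq 3320892, win 29200, options [mss 1460,sackOK,TS val 2467566599 ecr 0,nop,wscale 7], length 0
13:50:58.966538 IP (tos 0x0, ttl 64, id 22335, offset 0, flags [DF], proto TCP (6), length 40)
    10.10.103.229.80 > 10.10.103.81.58770: Flags [S.], cksum 0x334c (correct), seq 2821713065, ack 3320893, win 29200, length 0
13:50:58.966609 IP (tos 0x0, ttl 64, id 22337, offset 0, flags [DF], proto TCP (6), length 67)
    10.10.103.81.58770 > 10.10.103.229.80: Flags [P.], cksum 0xe37f (incorrect -> 0xfa97), seq 1:28, ack 1, win 29200, length 27: HTTP
13:50:59.000000 IP (tos 0x0, ttl 64, id 22338, offset 0, flags [DF], proto TCP (6), length 67)
    10.10.103.81.58770 > 10.10.103.229.80: Flags [P.], cksum 0x1234 (incorrect -> 0xfa97), seq 1:28, ack 1, win 29200, length 27: HTTP
"""

# IP total length, source address, destination address, checksum, verdict.
RECORD = re.compile(
    r"proto TCP \(6\), length (\d+)\)\s+"
    r"(\d+\.\d+\.\d+\.\d+)\.\S+ > (\d+\.\d+\.\d+\.\d+)\.\S+: "
    r"Flags \[[^\]]*\], cksum (0x[0-9a-f]+) \((correct|incorrect)"
)

def pseudo_header_sum(src, dst, tcp_len):
    """Folded one's-complement sum of the TCP pseudo-header, not inverted."""
    words = struct.unpack("!4H", socket.inet_aton(src) + socket.inet_aton(dst))
    total = sum(words) + 6 + tcp_len          # protocol 6 = TCP
    while total >> 16:                        # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return total

def classify(text):
    """Label each TCP record: 'ok', 'tx-offload' or 'corrupt'."""
    labels = []
    for ip_len, src, dst, cksum, verdict in RECORD.findall(text):
        if verdict == "correct":
            labels.append("ok")
            continue
        tcp_len = int(ip_len) - 20            # assumes IPv4 header without options
        partial = pseudo_header_sum(src, dst, tcp_len)
        labels.append("tx-offload" if int(cksum, 16) == partial else "corrupt")
    return labels

if __name__ == "__main__":
    print(classify(SAMPLE))
```

Records labelled corrupt are the ones worth investigating; those labelled tx-offload are explained by capturing on the sending host before the NIC has filled in the checksum.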