Question

I have a JAX-RS web service which is secured via TLS. Hence encryption is very important I decided to check the network traffic with RawCap and analyze it with WireShark. Doing this, I stumbled over the following message:

Header checksum: 0x0000 [incorrect, should be 0xac15 (may be caused by "IP checksum offload"?)]
  1. What is the reason for this message?
  2. Are there any further consequences?

I'm pretty sure that it isn't a problem with my RESTEasy client, because retrieving a ressource via FireFox causes the same message.

Was it helpful?

Solution

This doesn't come from your application - it is caused by the TCP/IP stack. Many implementations do not (or not always) fill in the header checksum, leaving it a 0x0000.

As Wireshark indicated, one reason for this is, that some combinations of OS and NIC driver make the OS think, that the checksum will be filled in by the NIC (hardware-accelerated), but in fact it will be not.

This is not a real problem, as long as your transmission path is reliable. AFAIK it is not a security risk.

OTHER TIPS

Was this an outgoing packet?

As the error message suggests, IP checksum offload is enabled. This means that the computer’s TCP/IP stack does not calculate the checksum. Instead the NIC hardware does the calculation before sending the packet out.

This is not a real error. You can safely ignore it.

in this case, the checksum field has been ignored with no consequences. However, the checksum field in general in intended to verify integrity of a packet. An incorrect checksum generally indicates errors (possibly EMI) or loss of integrity and may indicate a compromise.

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top