We are building a NAT program. We change each packet that comes from our internal subnet, changing its source IP address with libnet functions (catch the packet with libpcap, put it in sniff structures and build the new packet with libnet).

Over TCP, the SYN/ACK packets are good after the change, and when an HTTP GET request is coming, we can see in Wireshark that there is an error in the checksum field. All the other fields are exactly the same as in the original packet.

Does anyone know what can cause this problem? The new checksum in other packets is calculated as it should be, but in the HTTP packet it isn't.

+2  A: 

Modern ethernet cards can compute the checksum in hardware, so TCP stacks tend to offload the job to the card. As a result, it is quite common for the checksum to be invalid in Wireshark.

Side note: There is an option in Wireshark to validate the checksum:

Edit
  Preferences
    Protocols
      TCP
        Validate the TCP checksum if possible

Turn this off to stop Wireshark nagging you about the checksum.

Marcelo Cantos
If we change this in Wireshark, the checksum looks good, but we still don't get any answer from the server for our HTTP GET packet...
Hila
A: 

Is this actually causing a problem - i.e. does the packet with "bad checksum" get dropped or processed incorrectly? Or are you just worried about the "bad checksum" notification? If the packets are processed OK, this may be just checksum offloading and it's nothing to worry about.

Wireshark documentation says:

If the received checksum is wrong, Wireshark won't even see the packet, as the Ethernet hardware internally throws away the packet.

Piskvor
We need to get an answer for this HTTP GET packet because we send it to a server that should answer us. On the server side we see the packet in Wireshark with the checksum error, and we don't get an answer back because we assume that the HTTP GET packet is not good...
Hila
"no answer back" - so, just to clarify: you send SYN from client, server sends back SYN/ACK, client sends ACK, client sends the first data packet, no more packets received from server - is this correct? 1) are you sending the ACK and data packets separately, or is it one packet? 2) are you sending a complete GET request? (the server won't respond until it sees the end of request headers) 3) do you get a normal response if you make the GET request e.g. through a browser?
Piskvor
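
Whether a checksum that Wireshark flags is really wrong, rather than an offload artifact on the capturing host, can be settled by recomputing it from the packet bytes. The C code below is an added example, not code from this thread or from libnet: it verifies and regenerates the TCP checksum of an IPv4 packet over the pseudo-header, TCP header and payload, which is what has to happen after a source-address rewrite. The function names and the sample packet are constructed for illustration.

```c
#include <stdint.h>
#include <string.h>

/* Add big-endian 16-bit words to acc; an odd trailing byte is zero-padded. */
static uint32_t sum16(const uint8_t *p, size_t len, uint32_t acc) {
    for (; len > 1; p += 2, len -= 2) acc += (uint32_t)(p[0] << 8 | p[1]);
    return len ? acc + ((uint32_t)p[0] << 8) : acc;
}

/* TCP segment length from the IPv4 header, or 0 if truncated or not IPv4/TCP. */
static size_t tcp_len(const uint8_t *ip, size_t caplen, size_t *ihl) {
    if (caplen < 40 || (ip[0] >> 4) != 4 || ip[9] != 6) return 0;
    size_t total = (size_t)(ip[2] << 8 | ip[3]);
    *ihl = (size_t)(ip[0] & 0x0f) * 4;
    return (*ihl < 20 || total < *ihl + 20 || total > caplen) ? 0 : total - *ihl;
}

/* One's-complement checksum over pseudo-header, TCP header and payload. */
static uint16_t tcp_sum(const uint8_t *ip, size_t ihl, size_t n) {
    uint32_t acc = sum16(ip + 12, 8, 0);   /* source and destination address */
    acc += 6 + (uint32_t)n;                /* protocol number and TCP length */
    acc = sum16(ip + ihl, n, acc);         /* header and payload, checksum field included */
    while (acc >> 16) acc = (acc & 0xffff) + (acc >> 16);
    return (uint16_t)~acc;
}

/* 1 = valid, 0 = invalid, -1 = malformed. A valid segment sums to zero. */
int tcp_checksum_valid(const uint8_t *ip, size_t caplen) {
    size_t ihl = 0, n = tcp_len(ip, caplen, &ihl);
    return n ? tcp_sum(ip, ihl, n) == 0 : -1;
}

/* Recompute and store the checksum, e.g. after rewriting the source address. */
int tcp_checksum_fix(uint8_t *ip, size_t caplen) {
    size_t ihl = 0, n = tcp_len(ip, caplen, &ihl);
    if (!n) return -1;
    ip[ihl + 16] = ip[ihl + 17] = 0;       /* checksum field must be zero while summing */
    uint16_t c = tcp_sum(ip, ihl, n);
    ip[ihl + 16] = (uint8_t)(c >> 8); ip[ihl + 17] = (uint8_t)(c & 0xff);
    return 0;
}

/* Constructed sample (IP header checksum left 0, not checked here): PSH|ACK, 19-byte payload. */
size_t build_sample(uint8_t *b) {
    static const uint8_t hdr[40] = {0x45,0,0,59, 0,0,0,0, 64,6,0,0, 192,168,1,10, 198,51,100,7,
        0xc0,0x01,0,80, 0,0,0,1, 0,0,0,1, 0x50,0x18,0x20,0, 0,0,0,0};
    memcpy(b, hdr, 40);
    memcpy(b + 40, "GET /a HTTP/1.1\r\n\r\n", 19);
    return 59;
}
```

Because the TCP length in the pseudo-header and the summed range both include the payload, a checksum computed over the header alone can only be right for segments that carry no data.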
A: 
Hila's Master
Hilarious nicks in this thread! I appreciated your sense of humour :)
Victor Sorokin
Thanks. Any idea about what's wrong? =]
Hila's Master