Interpret Wireshark Captures

networking wireless-networking wireshark
7,369

Solution 1

TCP checksum / Bad TCP is very normal for Wireshark and other packet sniffing tools, it is because you have enabled the checksum offloading on your wireless card, you can disable it or ignore it.

TCP retransmission is the exact reason for the problems of your network.

The possible reasons are below:

  • The acknowledgment packets are being transmitted via a slower path.
  • The network load is very high.
  • The receiver or router is overloaded.

Solution 2

Intel's Centrino WiFi adapters that are usually in the X200 are generally OK but they have had issues with Power Management (CAM\PSP) WiFi features when connecting to some AP's. As a first step I'd suggest you go into the properties of the WLAN adapter and disable power management and under the advanced properties set the Transmit power to max.

Solution 3

The bad checksum errors are probably because you have TCP offload facilities in your network card. What this means is that the checksum is calculated after Wireshark has captured the packet.
There is a page abput it in the Wireshark FAQ.

EDIT: In response to the comments, it is probably not the source of the issue. If the checksum was incorrect when the packet arrived at the destination then it would request a re-send. However, i would suggest following the recommendation in the Wireshark documentation and turn off checksum offloading while you are running a trace. On a modern PC that is only doing normal desktop tasks, I doubt you will notice any performance difference so it is probably easier to just leave it turned off until you get this problem fixed. (Or you give up investigating it.)

Share:
7,369

Related videos on Youtube

m3rLinEz
Author by

m3rLinEz

Hi! My name is Natthawut Kulnirundorn, and I think it's a long name so you can just refer to my internet identity: m3rlinez. I am from Thailand, Land of Tom-Yum-Goong and delicious foods :) I am interested in Object-Oriented Design, Software Architecture, Graphics, .NET Technology, Java. I also have a technical blog and a Twitter account. You can contact me via m3rlinez at email by google.

Updated on September 17, 2022

Comments

  • m3rLinEz
    m3rLinEz over 1 year

    I am troubleshooting wireless connectivity problem in my home network. My Thinkpad X200 laptop which use Intel Wifi Link 5100 AGN is not able to surf the internet stably. Sometimes it works, but most of the time it couldn't load the page completely or not loaded at all.

    This is not happening to my desktop PC which is connected to the same D-Link AP as well.

    I managed to capture network traffic on my laptop with Wireshark which results in the image below:

    alt text

    From what I know, the black-background rows show that there are erros in TCP checksum / Bad TCP. Is this normal on any wireless network? If not, how can I fix my laptop so it can surf the internet stably as my desktop PC?

    Edit: I tried to capture the TCP packet again while the page failed to completely load. It looks like this is related to massive "TCP Retransmission" in Wireshark logs somehow ..

    Edit 2: Gave up on investigating this. Tried another ACP. Luckily, it works without those many retransmission message o__o' Many thanks to everyone for the answers!

    • Helvick
      Helvick over 14 years
      Is the desktop also using a Wireless Connection or is it wired?
    • m3rLinEz
      m3rLinEz over 14 years
      @Helvick The desktop is using wireless connection too.
  • m3rLinEz
    m3rLinEz over 14 years
    Thanks for the info! I disabled power mgmt and also update the driver to latest version. Still not see any single hiccup this morning.
  • m3rLinEz
    m3rLinEz over 14 years
    Thanks for this. Does this means the actual packets are okay but Wireshark just reports them as corrupted?
  • Arjan
    Arjan over 14 years
    @m3rLinEz it actually means that Wireshark cannot tell. But most likely they are okay indeed. Then again: you're investigating connectivity problems, so maybe you're onto something here. Ensure that the specifications of your wireless network card indeed support checksum offloading before ignoring the errors (or before changing the preference as mentioned in the Wireshark FAQ that pipTheGeek gave you). Alternatively, see if you can disable that function in the settings of your wireless network card.
  • m3rLinEz
    m3rLinEz over 14 years
    Sadly, it's still not working .. I also tried to capture TCP packet during the time problem occur and it looks like this is related to TCP Retransmission somehow ..
  • Anonymous Type
    Anonymous Type over 13 years
    good ol tcp retrans

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

Why does Wireshark show MAC addresses in the source\destination?
What causes dropping of ARP response packets in a wireless network?
Filtering non-local IP traffic with Wireshark
Wireshark on WPA2-PSK [AES] not decrypting
How to monitor traffic passing through my Wi-Fi access point
How to block the Whatsapp Android application in a network
How to set CommView to capture a specific wifi instead of the whole channel?
TCP Server sends [ACK] followed by [PSH,ACK]
How to decrypt https
How to see full HTTPS URL in wireShark