Hi, When I use winpcap to capture the outbound TCP packet, for the ack message which is just 40 byte long with IP header and TCP header only, the checksum in the tcp header is wrong.
For example, I capture the TCP packets during a TCP connection. There are totally three tcp packets will be captured. The SYN packet, SYN ACK packet and the ACK packet. The checksum in the tcp header of the first two tcp packet are both correct, but for the last ACK packet, the checksum is wrong. But I also use winpcap to capture the packet in another computer in the same subnet and also capture these three packet. I found that the tcp checksum of the third packet captured by this computer is correct. I am really confused......... It seems that the NIC change the tcp checksum before sending it out? or the packet is not correctly captured by winpcap? Another problem I found is the length of the third packet. the caplen of the third packet captured in the first computer is 54(14 MAC + 20 IP + 20 TCP) byte and the len in IP header is also 40 bytes. but the caplen of the third packet captured in the second computer is 60(14 MAC + 20 IP + 20 TCP + 6 ??? ) byte and the len in IP header is stil 40 bytes. because the 4 bit TCP Header length is 5 which means the length of TCP header should be 20 byte, then what is the last 6 byte for ????? Any information about this question are all welcome...... ;-) Cheers Huang Tao mailto: [EMAIL PROTECTED] ================================================================== This is the WinPcap users list. It is archived at http://www.mail-archive.com/[EMAIL PROTECTED]/ To unsubscribe use mailto: [EMAIL PROTECTED] ==================================================================
