Customer Service Center

• Why L2 FCS checksum is not available in PCAP captured in Avalanche Commander?
• Why L2 FCS checksum is not available in PCAP captured in Cyberflood Controller?
• Why are there checksum errors in my Avalanche trace file?

• Avalanche Commander Controller v4.x +
• Cyberflood Controller v18.x +
• PCAPs from results (CPU Captured)

• Avalanche main CPU add a "0x0000" checksum in the IP header and add a random checksum in the TCP header, this is because Avalanche NICs are able to offload this function from the main CPU to improving performance, and NICs will caculate the correct checksum and fill it in both IP header and TCP checksum field.

• Avalanche captures the packets at  network driver in all appliances and most TestCenter modles. The normal network driver knows to ignore the checksum, not doing the work, and assumes it is being handled correctly by the NIC.

• Wireshark however calculates the checksum by default and matches it with what is in the packet, reporting the error falsely. It is unlikely you will receive real errors with Wireshark, as the CRC32 checks by the NIC and switch will drop errored packets and you won't see them. So you are best off turning this feature off in the appropriate preferences section for each protocol.

• Wireshark Preferences --> Protocols --> Ethernet --> Options related to FCS
  • Assume packets have FCS
  • Validate the Ethernet Checksum if possible
  • etc.

WORKAROUND: You will find the checksum right If you do capture inline by a switch mirror.

NOTE & WORKAROUND2: Spirent TestCenter (if available) can be used as a Network TAP, and this controller can capture Packets at a lower level with the FCS field in place (without) offloading this function to the Network Driver on the Operating System. if need assistance for setting up STC as network TAP, please create a new support ticket for the STC Support Team.