To resolve this issue, check if the packets that have incorrect TCP checksums are sent by the virtual machine on which the capture is running. When virtual machines use TCP checksum offloading, the TCP checksum is added to the packet by the network interface and not by the TCP/IP stack of the operating system. This means that the network traffic is captured before the checksum is calculated and, therefore, the checksum is incorrect. In this case, you can safely ignore the error.
Note: Wireshark 1.2 and above disable IP, TCP, and UDP checksum validation by default.
You can disable TCP checksum verification on Wireshark, so that it does not report any errors.
To disable TCP checksum verification on Wireshark:
- Click Preferences > Edit. The Preferences dialog opens.
- Click Protocols > TCP in the left pane.
- Deselect Check the validity of the TCP checksum when possible.
- Click Apply.
- Click OK.
Alternatively, start Wireshark from the Windows command line and ensure that checksum offload validation is disabled from the launch of the application:
- Click Start, type cmd, and click OK.
- Run the command:
cd "C:\Program Files\Wireshark\Wireshark.exe"
- From within the Wireshark directory, type:
wireshark.exe -o tcp.check_checksum:false
For more information about Wireshark checksum validation, see
http://wiki.wireshark.org/CaptureSetup/Offloading.