# Wireshark Question: "TCP checksum offload"



## rmartin

Hello all,

I am having an issue with users in our network connecting to 3 sites in particular (all of which are educational and necessary). Here is the deal:

If I use a proxy (anonymizer) I can connect to these site but if I try and use our regular internet connection it gives me the "IE cannot display this page message".

I ran wireshark on my machine and sniffed the attempted connection to www.joby.com or fablevision.com and got the same results.

According to wireshark it say's:
"checksum: 0xaa4b [incorrect, should be 0x4e79 (maybe caused by "TCP checksum offload"?)] Bad Checksum: True


We use an 8e6 webfilter but this is NOT causing the issue as we are not getting a 'blocked' notice from it. Any ideas on how to clear up this problem? Any guidance/help is greatly appreciated.

Regards:4-dontkno


----------



## johnwill

TCP checksum offload is a function of your NIC and drivers. Maybe you need updated drivers or a new NIC?


----------



## xinutel

I was able to fix this problem for myself by disabling checksum offloading on the network card.

Looking around, it seems others have the same experience...

http://communities.vmware.com/thread/167372 
http://seer.entsupport.symantec.com/docs/290098.htm
http://blogs.technet.com/jonjor/arc...and-needs-attention-communication-issues.aspx


----------



## Hapse

Hi i simply made an account to thank you for your help as i was getting quite annoyed of the all the disconnects i had

A guide:

1. Open Device manager (right click "Computer" and click "Manage")
2. Click on "Device Manager"
3. Expand "Network adapters"
4. Right click your network adapter mine is called "Nvidia nForce 10/100/1000 Mbps Ethernet" etc.
5. click "properties"
6. click the tab named "Advanced"
7. Find "IP Checksum Offload" and click it
8. Put the value to the right to "Disabled"
9. Find "TCP Checksum offload (IPvX)
10. Set the value to the right to "Disabled"

Thats what helped me :wave:
(im on a nForce NIC)

Edit: added 9+10 

-Hapse


----------



## Agazoth

Thanx a bunch!

Had this problem on our Microsoft Forefront Identity Management setup, when running full sync on several MAs at once. In FIM I just got stopped-database-connection-lost and no errors in the eventlog on any of the servers.

Fixed the NICs on both the FIM server and the SQL server resulting in smooth, error-free run.

:dance:


----------

