Several network protocols use checksums to ensure data
Applying checksums as described here is also known as
7.8.1. Wireshark checksum validation
Wireshark will validate the checksums of several
protocols, e.g.: IP, TCP, UDP, ...
It will do the same calculation as a "normal receiver"
would do, and shows the checksum fields in the packet details
with a comment, e.g.: [correct], [invalid, must be
0x12345678] or alike.
Checksum validation can be switched off for various
protocols in the Wireshark protocol preferences, e.g. to
(very slightly) increase performance.
If the checksum validation is enabled and it detected
an invalid checksum, features like packet reassembling won't
be processed. This is avoided as incorrect connection data
could "confuse" the internal database.
7.8.2. Checksum offloading
The checksum calculation might be done by the network
driver, protocol driver or even in hardware.
For example: The Ethernet transmitting hardware
calculates the Ethernet CRC32 checksum and the receiving
hardware validates this checksum. If the received checksum is
wrong Wireshark won't even see the packet, as the Ethernet
hardware internally throws away the packet.
Higher level checksums are "traditionally" calculated
by the protocol implementation and the completed packet is
then handed over to the hardware.
Recent network hardware can perform advanced features
such as IP checksum calculation, also known as checksum
offloading. The network driver won't calculate the checksum
itself but will simply hand over an empty (zero or garbage filled)
checksum field to the hardware.
Checksum offloading often causes confusion as the
network packets to be transmitted are handed over to
Wireshark before the checksums are actually calculated.
Wireshark gets these "empty" checksums and displays them as
invalid, even though the packets will contain valid
checksums when they leave the network hardware
Checksum offloading can be confusing and having a lot
of [invalid] messages on the screen can be quite annoying. As
mentioned above, invalid checksums may lead to unreassembled
packets, making the analysis of the packet data much
You can do two things to avoid this checksum offloading
Turn off the checksum offloading in the network
driver, if this option is available.
Turn off checksum validation of the specific
protocol in the Wireshark preferences.