Problem with tcprewrite UDP checksum and IP fragment

Problem with tcprewrite UDP checksum and IP fragment

Post by lhommedumatc » Sat, 04 Jul 2009 01:08:42


I'm trying to simulate a communication between two PC.
PC1 ( is sending data using unicast to PC2
To simulate after this communication, I've made a cap file with
ethereal on PC2.

My first problem is when data are larger than MTU (1500 bytes), it
happens that I don't have all IP fragments in the capture file.
If you have an idea where can it come from?
I think it's just a problem of capturing with ethereal (may be it
drops fragment).

My second problem is when I want to replay the capture with tcpreplay:
Between PC3( and PC4(
First I change the MAC addresses:
tcprewrite --enet-dmac=00:55:22:AF:C6:37 --enet-smac=00:44:66:FC:29:AF
--infile=input.pcap --outfile=output.pcap
When I open the output.cap file, UDP checksum are correct

Then I change the IP adresses:
tcprewrite --srcipmap= --
infile=outfile.pcap --outfile=outfile2.pcap
tcprewrite --dstipmap= --
infile=outfile2.pcap --outfile=outfile3.pcap

When I try to open outfile3.pcap, wireshark tells me that UDP checksum
incorrect for fragmented packet.
Then I force to fix checksum:
tcprewrite --fixcsum --infile=outfile3.pcap --outfile=outputFinal.pcap

The last command doesn't work for fragmented packet.
When I try to replay outputFinal, PC4 doesn't see data superior to MTU
even probably because of the UDP CHECKSUM INCORRECT.
I've tried to disable checksum of my NIC with ethtool but I still
doesn't receive packet.

Any help will help me.


1. UDP checksum problem in IP fragmentation?

I'm a developer, working on a proprietary network stack for a
network-attached storage device.

Using the Redhat 7.2 linux system uname-ed below, I can't get NFS to
work unless I set the read and write sizes to 1024.

I have a udp test program, "udptest," that sends UDP datagrams of a
size specified on the command line, and code on my proprietary server
that sends another UDP datagram in response.

When using that test program, if I send a 1024-byte UDP datagram from
Linux, which fits in a single IP/ethernet packet, it works fine. If I
send 2048, which takes two IP/ethernet packets, my code says there's a
problem with the UDP checksum.

Since udptest and NFS both work fine from FreeBSD, I'm suspicious of
this being a Linux bug rather than a bug in my own code.

Does anyone know anything about this?

$ uname -a
Linux testsrv 2.4.7-10 #1 Thu Sep 6 17:27:27 EDT 2001 i686 unknown



PS - I'd appreciate CC via email if responding to the group to be sure
that I don't miss it. Thanks!

2. Problems with S3 Virge 4Mb Card in X

3. Can tcpdump capture a complete UDP datagarm fragmented by IP layer?

4. Using nawk in a script

5. failed TCP/UDP checksum from <ip.address>!

6. Adding second hard drive and file system questions.

7. IP/UDP checksums


9. IP MASQ : TCP/UDP checksum errors

10. failed TCP/UDP checksum from <ip.address>!

11. UDP source IP address checksum bad -- kernel 1.3.21

12. IP Masq. failed TCP/UDP checksums

13. IP masquerading : TCP/UDP checksum errors