# IP checksum issue



## williamy (Mar 25, 2013)

Hi, 

I came across an issue like below, truncated-ip


```
#tcpdump -i vlan2 -vvv src 192.168.2.3
tcpdump: listening on vlan2, link-type EN10MB (Ethernet), capture size 96 bytes
22:58:17.303721 IP truncated-ip - 15300 bytes missing! (tos 0x0, ttl 64, id 50646, offset 512, flags 

[none], proto TCP (6), length 15360, bad cksum b0a0 (->b49c)!)
    192.168.2.3 > 78.141.179.12: tcp
22:58:25.034169 IP truncated-ip - 15300 bytes missing! (tos 0x0, ttl 64, id 4357, offset 512, flags [none], 

proto TCP (6), length 15360, bad cksum de3e (->e23a)!)
    192.168.2.3 > 157.55.235.149: tcp
22:58:25.634699 IP truncated-ip - 15300 bytes missing! (tos 0x0, ttl 64, id 21393, offset 512, flags 

[none], proto TCP (6), length 15360, bad cksum 22e6 (->26e2)!)
    192.168.2.3 > 78.141.179.12: tcp
22:58:26.013797 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 192.168.2.1 tell 192.168.2.3, length 

46
22:58:26.051937 IP truncated-ip - 15300 bytes missing! (tos 0x0, ttl 64, id 29753, offset 512, flags 

[none], proto TCP (6), length 15360, bad cksum 2e0d (->3209)!)
^C    192.168.2.3 > 157.55.56.147: tcp
```

Thanks in advance.


----------



## J65nko (Mar 25, 2013)

For the IP checksum issue see Why tcpdump sometimes drops packets, mangles DNS and shows bad checksums

I don't know about the *truncated-ip* problem. According to some results from a google search it is probably caused by a fragmented IP packet. tcpdump operating at Ethernet packet level, sees the fragmented packet before the network stack will reassemble these fragmented packets.


----------

