Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1082
Views
0
Helpful
5
Replies

IP Checksum Errors on Catalyst 6509

jackrivituso
Level 1
Level 1

‎01-14-2008 05:26 AM

We have been seeing IP Checksum errors on a catalyst 6509. I am using a sniffer to look at the packets based upon the timestamp for that message on the catalyst 6509 syslog.

However, I am not really sure what I am looking for as I review the packets. Any assistance would be greatly appreciated!!

Labels:
0 Helpful
5 Replies 5

miheg
Level 5
Level 5

‎01-14-2008 07:18 AM

I guess it mentions at least one if not two ip addresses in the error? There's your filter.

I would expect if the catalyst looks at the packets at that level it would be packets that are routed by the switch.

But usually packets that have a correct CRC bu a bad checksum give me the "I'm being hacked" feeling so I start looking for someone knowledgeable to send crafted packets.

Cheers,

Michel

0 Helpful

jackrivituso
Level 1
Level 1
In response to miheg

‎01-14-2008 08:30 AM

No, actually all I see is this:

*Jan 14 04:16:19: %MLS_STAT-SP-4-IP_CSUM_ERR: IP checksum errors

*Jan 14 04:48:49: %MLS_STAT-SP-4-IP_LEN_ERR: MAC/IP length inconsistencies

*Jan 14 08:18:19: %MLS_STAT-SP-4-IP_CSUM_ERR: IP checksum errors

*Jan 14 08:51:49: %MLS_STAT-SP-4-IP_LEN_ERR: MAC/IP length inconsistencies

*Jan 14 11:51:49: %MLS_STAT-SP-4-IP_CSUM_ERR: IP checksum errors

*Jan 14 12:32:49: %MLS_STAT-SP-4-IP_CSUM_ERR: IP checksum errors

*Jan 14 14:28:49: %MLS_STAT-SP-4-IP_CSUM_ERR: IP checksum errors

0 Helpful

miheg
Level 5
Level 5
In response to jackrivituso

‎01-15-2008 12:58 AM

I see, Some of these errors make me wonder.....why doesn't just say : error

A complete lack of common sense. It should at least mention the port it was received on.

Bottom line, you will have to do a show command to see what port is dropping/discarding packets.

It can be a bad NIC card or a bad cable.

Here is what cisco says about it.

http://www.cisco.com/en/US/products/hw/switches/ps700/products_tech_note09186a00801b42bf.shtml#prob1

Cheers

Michel

0 Helpful

jackrivituso
Level 1
Level 1
In response to miheg

‎01-15-2008 07:25 AM

Thanks, but can you be more specific as to what command i should use to identify the devices dropping packet? thanks

0 Helpful

miheg
Level 5
Level 5
In response to jackrivituso

‎01-16-2008 06:21 AM

You need to identify a port on which you have received a bad packet.

I'm not good at typing commands. I rely heavily on IOS ability to show the options using ? In my opinion IOS would be useless without that.

Command would be something like:

show interface counters errors

Always use the ? after a command to see what other options might be interesting to you.

Cheers,

Michel

0 Helpful
Customers Also Viewed These Support Documents