IP Checksum Errors on Catalyst 6509

Unanswered Question
Jan 14th, 2008

We have been seeing IP Checksum errors on a catalyst 6509. I am using a sniffer to look at the packets based upon the timestamp for that message on the catalyst 6509 syslog.

However, I am not really sure what I am looking for as I review the packets. Any assistance would be greatly appreciated!!

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
miheg Mon, 01/14/2008 - 07:18

I guess it mentions at least one if not two ip addresses in the error? There's your filter.

I would expect if the catalyst looks at the packets at that level it would be packets that are routed by the switch.

But usually packets that have a correct CRC bu a bad checksum give me the "I'm being hacked" feeling so I start looking for someone knowledgeable to send crafted packets.

Cheers,

Michel

jackrivituso Mon, 01/14/2008 - 08:30

No, actually all I see is this:

*Jan 14 04:16:19: %MLS_STAT-SP-4-IP_CSUM_ERR: IP checksum errors

*Jan 14 04:48:49: %MLS_STAT-SP-4-IP_LEN_ERR: MAC/IP length inconsistencies

*Jan 14 08:18:19: %MLS_STAT-SP-4-IP_CSUM_ERR: IP checksum errors

*Jan 14 08:51:49: %MLS_STAT-SP-4-IP_LEN_ERR: MAC/IP length inconsistencies

*Jan 14 11:51:49: %MLS_STAT-SP-4-IP_CSUM_ERR: IP checksum errors

*Jan 14 12:32:49: %MLS_STAT-SP-4-IP_CSUM_ERR: IP checksum errors

*Jan 14 14:28:49: %MLS_STAT-SP-4-IP_CSUM_ERR: IP checksum errors

miheg Tue, 01/15/2008 - 00:58

I see, Some of these errors make me wonder.....why doesn't just say : error

A complete lack of common sense. It should at least mention the port it was received on.

Bottom line, you will have to do a show command to see what port is dropping/discarding packets.

It can be a bad NIC card or a bad cable.

Here is what cisco says about it.

http://www.cisco.com/en/US/products/hw/switches/ps700/products_tech_note09186a00801b42bf.shtml#prob1

Cheers

Michel

jackrivituso Tue, 01/15/2008 - 07:25

Thanks, but can you be more specific as to what command i should use to identify the devices dropping packet? thanks

miheg Wed, 01/16/2008 - 06:21

You need to identify a port on which you have received a bad packet.

I'm not good at typing commands. I rely heavily on IOS ability to show the options using ? In my opinion IOS would be useless without that.

Command would be something like:

show interface counters errors

Always use the ? after a command to see what other options might be interesting to you.

Cheers,

Michel

Actions

This Discussion