01-14-2008 05:26 AM
We have been seeing IP Checksum errors on a catalyst 6509. I am using a sniffer to look at the packets based upon the timestamp for that message on the catalyst 6509 syslog.
However, I am not really sure what I am looking for as I review the packets. Any assistance would be greatly appreciated!!
01-14-2008 07:18 AM
I guess it mentions at least one if not two ip addresses in the error? There's your filter.
I would expect if the catalyst looks at the packets at that level it would be packets that are routed by the switch.
But usually packets that have a correct CRC bu a bad checksum give me the "I'm being hacked" feeling so I start looking for someone knowledgeable to send crafted packets.
Cheers,
Michel
01-14-2008 08:30 AM
No, actually all I see is this:
*Jan 14 04:16:19: %MLS_STAT-SP-4-IP_CSUM_ERR: IP checksum errors
*Jan 14 04:48:49: %MLS_STAT-SP-4-IP_LEN_ERR: MAC/IP length inconsistencies
*Jan 14 08:18:19: %MLS_STAT-SP-4-IP_CSUM_ERR: IP checksum errors
*Jan 14 08:51:49: %MLS_STAT-SP-4-IP_LEN_ERR: MAC/IP length inconsistencies
*Jan 14 11:51:49: %MLS_STAT-SP-4-IP_CSUM_ERR: IP checksum errors
*Jan 14 12:32:49: %MLS_STAT-SP-4-IP_CSUM_ERR: IP checksum errors
*Jan 14 14:28:49: %MLS_STAT-SP-4-IP_CSUM_ERR: IP checksum errors
01-15-2008 12:58 AM
I see, Some of these errors make me wonder.....why doesn't just say : error
A complete lack of common sense. It should at least mention the port it was received on.
Bottom line, you will have to do a show command to see what port is dropping/discarding packets.
It can be a bad NIC card or a bad cable.
Here is what cisco says about it.
http://www.cisco.com/en/US/products/hw/switches/ps700/products_tech_note09186a00801b42bf.shtml#prob1
Cheers
Michel
01-15-2008 07:25 AM
Thanks, but can you be more specific as to what command i should use to identify the devices dropping packet? thanks
01-16-2008 06:21 AM
You need to identify a port on which you have received a bad packet.
I'm not good at typing commands. I rely heavily on IOS ability to show the options using
Command would be something like:
show interface counters errors
Always use the ? after a command to see what other options might be interesting to you.
Cheers,
Michel
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide