Avalanche: CyberFlood: Why L2 FCS checksum is not available in PCAP captured in Avalanche Commander or CyberFlood Controller?

Avalanche: Cyberflood: Why L2 FCS checksum is not available in PCAP captured in Avalanche Commander or Cyberflood Controller?

• Avalanche main CPU adds a "0x0000" checksum in the IP header and a random checksum in the TCP header. This is because VIAVI NICs are able to offload this function from the main CPU to improve performance. The NICs will calculate the correct checksum and fill it in both the IP header and TCP checksum field.   • Avalanche captures the packets at the network driver in all appliances. The normal network driver knows to ignore the checksum and assumes it is being handled correctly by the NIC.   • Wireshark, however, calculates the checksum by default and matches it with what is in the packet, reporting the error falsely. It is unlikely you will receive real errors with Wireshark, as the CRC32 checks by the NIC and switch will drop errored packets, and you won't see them. So, it is best to turn this feature off in the appropriate preferences section for each protocol.   • Wireshark Preferences --> Protocols --> Ethernet --> Options related to FCS • Assume packets have FCS • Validate the Ethernet Checksum, if possible • etc. WORKAROUND: You will find the checksum is correct if you do the capture inline by a switch mirror.