[326] in linux-net channel archive
Re: UDP: bad checksum messages in syslog ?
daemon@ATHENA.MIT.EDU (Matti E. Aarnio [OH1MQK])
Tue May 16 10:09:40 1995
From: "Matti E. Aarnio [OH1MQK]" <mea@mea.cc.utu.fi>
To: agulbra@troll.no (Arnt Gulbrandsen)
Date: Tue, 16 May 1995 15:49:42 +0300 (EET DST)
Cc: ganderson@clark.net, linux-net@vger.rutgers.edu
In-Reply-To: <Pine.LNX.3.91.950516110105.1078H-100000@pentagram.troll.no> from "Arnt Gulbrandsen" at May 16, 95 11:06:38 am
> > May 14 03:07:41 garc kernel: UDP: bad checksum. From 80B75CF1:138 to \
> > 80B7FFFF:138 ulen 216
>
> From 128.183.92.241 Port 312 to 128.183.255.255 port 312. What's running
> on that port, and what broken operating system is 128.183.92.241 running?
No, the port-numbers are in decimal, while IP-addresses are in HEX.
/etc/services has this line: netbios-dgm 138/udp
> > May 15 06:59:23 garc kernel: UDP: bad checksum. From 00000000:67 to \
> > FFFFFFFF:67 ulen 308
>
> This one's more weird. It's right of linux to log it, though, it's
> unlikely that a packet claiming to come from 0.0.0.0 can actually be
> valid, but the error linux logs isn't likely to be the actual error,
> there's some more fundamental error, probably, which you'll probably need
> a wizard and his sword (tcpdump) to find.
That is a BOOTP-query with faulty software. To fully analyze it,
the packet should be looked into, and senders ethernet MAC dug up
from it. (But now the kernel throws it away..)
A bit less faulty BOOTP-request looks like this:
UDP: bad checksum. From 00000000:68 to FFFFFFFF:67 ulen 308
I see these something like 5-10 per day, while our network has
correctly working BOOTP-queries something like 5k - 20k in the
same time.
/etc/services has:
bootps 67/udp bootp server
bootpc 68/udp bootp client
That is, client sends from port 68, while server listens on port 67.
> --Arnt
/Matti Aarnio <mea@utu.fi>
