Incorrect Ip Packet Checksum....

Discussion in 'ESET Smart Security' started by reevesloh, Dec 19, 2009.

Thread Status:
Not open for further replies.
  1. reevesloh

    reevesloh Registered Member

    Joined:
    Jul 6, 2009
    Posts:
    160
    Changed my modem to a D-Link modem/router a month ago and my firewall log keeps showing that "Incorrect Ip Packet Checksum" after I changed the modem.... Currently using the latest version of ESS 4. Any solution?
     


  2. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Please create 2 logs with network traffic captured using Wireshark; one with the firewall enabled and one with the fw disabled. Let me know when done so that I can provide you further instructions.

    Do you notice any network problems when this message occurs in the log?
     
  3. reevesloh

    reevesloh Registered Member

    Joined:
    Jul 6, 2009
    Posts:
    160
    Well, I'm using STREAMYX internet and that event appears every time it changes IP address... My internet provides me a dynamic IP address and it keeps changing IP address every hour... Before I changed to my new modem it showed "Convert address...." or something like that.... And how do I use Wireshark?
     
  4. CvP

    CvP Registered Member

    Joined:
    Jan 2, 2010
    Posts:
    13
    I'm sick and tired of this problem.
    all my 100mbps LAN transfers average down to 3.5mbps (all win7).
    I tried so many things only to find out today that turning off ESET firewalls on source AND target pc gives me full (and constant) 100mbps.
    turn on in any pc, speed spikes and averages to 3.5mbps.
    turn it off, instant 100mbps.


    firewall log is filled with this incorrect ip checksum.

    though i have a WRT54GL router, it doesn't matter.
    as similar spikes happen even when using a 100mbps crossover cable.

    now that I'm on eset forums, i can find plenty more people who posted the same problem. STILL NO OFFICIAL FIX FROM ESET.

    PS: i'm feeling sorry for the 14 licenses i bought in last few months.
     
    Last edited: Jan 2, 2010
  5. The PIT

    The PIT Registered Member

    Joined:
    Sep 4, 2008
    Posts:
    185
    Should try it on a gigabit network: chugs along at 20 mb's when doing a backup. Enable jumbo packets and still the same. Remove eset and fix the winsock and suddenly 60mb to 90 mb.
    Re-install eset, back to 20mb.
    There certainly is a problem with the firewall and how it handles packets.
     
  6. CvP

    CvP Registered Member

    Joined:
    Jan 2, 2010
    Posts:
    13
    added a screenshot of the network traffic. i hope this clears up how miserable it has become for me to use ESET when i need to frequently transfer 100GB data from here to there.

    i will try to post a wireshark log soon.

    oh i forgot to mention, disabling those IDS settings do NOT help as described in the knowledge base.
     
    Last edited: Jan 2, 2010
  7. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    So it happens with ESS 4.2.22, too?
     
  8. stratoc

    stratoc Guest

    4.2.22 was the only version of smart i tried on win 7 64 bit. loads of incorrect.... messages and problems with online games.
    nod 32 4.2. works a dream but the firewall is a nightmare.
    I'm currently using nod32 4.2 with pc tools firewall + which is working fine.
    nvidia and realtek network adaptors latest drivers for both
    bt home hub router.
     
  9. CvP

    CvP Registered Member

    Joined:
    Jan 2, 2010
    Posts:
    13
    My version: 4.0.467.0
    Code:
    Virus signature database: 4738 (20100102)
    Update module: 1031 (20091029)
    Antivirus and antispyware scanner module: 1254 (20091221)
    Advanced heuristics module: 1099 (20091030)
    Archive support module: 1105 (20091029)
    Cleaner module: 1048 (20091123)
    Anti-Stealth support module: 1012 (20090526)
    Personal firewall module: 1055 (20091215)
    Antispam module: 1013 (20091104)
    SysInspector module: 1213 (20090902)
    Self-defense support module : 1009 (20090917)
    currently downloading the one available in site.
    is there any need to check with 4.2.22 (the beta i presume) unless this problem has been specifically addressed?


    some more info:
    I have two laptops (L1, L2) and a PC sitting around me. all win 7 32 bit, fully updated (along with drivers).
    initially, i faced this problem no matter which computers were involved, no matter which path i used (router, crossover or router+wireless).

    after fiddling with many network card settings and disabling windows RDC, I somehow managed to get full speeds even with firewall on from PC to L1.
    but PC to L2 still has the same problem (on some rare occasions, it works though).

    but the fact remains that out of the box windows 7 installation + ESET firewall really didn't work properly. and turning off eset firewall, works like a charm.

    PS: latest version is 474. why is my version still 467? eset has no autoupdate or what?!!
     
    Last edited: Jan 2, 2010
  10. CvP

    CvP Registered Member

    Joined:
    Jan 2, 2010
    Posts:
    13
    wireshark logs. i hope this is what you are looking for.

    sorry about the file size :blink:
    might be doing something wrong. i have not used wireshark before.

    firewall ON.pcap = bad speed (average ~25% of max speed)
    firewall OFF.pcap = smooth maximum speed
     
  11. The PIT

    The PIT Registered Member

    Joined:
    Sep 4, 2008
    Posts:
    185
    To be honest I'd be looking at your dlink here.
    What model is it? o_O
     
  12. CvP

    CvP Registered Member

    Joined:
    Jan 2, 2010
    Posts:
    13
    what dlink?
    the router is LinkSYS. the nics are Realtek x2, broadcom x2, tp-link, wireless.
    no combination works (with or without routers)
     
  13. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Still, it's not clear whether this computer is already running ESS 4.2.22 beta. If not, try installing it first to see if it makes a difference. What OS is installed on that computer?
     
  14. CvP

    CvP Registered Member

    Joined:
    Jan 2, 2010
    Posts:
    13
    desktop, L1 and L2, all are on win 7 32bit fully updated and eset 4.0.467.0

    ok, i will get the beta and install it on all of them and give a try.
     
  15. CvP

    CvP Registered Member

    Joined:
    Jan 2, 2010
    Posts:
    13
    the problem persists in 4.2.2 beta also.
    confirmed.
     
  16. CvP

    CvP Registered Member

    Joined:
    Jan 2, 2010
    Posts:
    13
    No response?!
     
  17. CvP

    CvP Registered Member

    Joined:
    Jan 2, 2010
    Posts:
    13
    is this how eset support their customers?

    I have reported an issue with the things you needed.
    Now it is your turn to either acknowledge the problem, solve it or let me know what more you need.

    maintaining silence is not an option.

    if you guys think it is fun to run around and shut off firewalls on BOTH computers before transferring files and then turn them back on again after the transfer ends..please be sure to add this comment on your product box next time.
     
  18. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    1, when reporting an issue that requires follow-up it's always better to contact customer care so that a ticket is created and its history can be tracked down by other support persons as well.

    2, when creating a pcap log with firewall enabled, make sure that the "Log all blocked connections" option is enabled in the IDS setup. The corresponding firewall log is often needed when pcap logs are analysed by ESET developers.

    3, the pcap logs you submitted show communication over IPv6. Does it make a difference if you uninstall IPv6 and leave only IPv4 installed?
     
  19. CvP

    CvP Registered Member

    Joined:
    Jan 2, 2010
    Posts:
    13
    1, 2: you should have told me earlier when i did all those testing

    3: afaik, ipv6 comes with win7. how do i "uninstall" it?
    just disabling ipv6 from network adapter will do?
     
  20. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    I assume this is the only way to disable IPv6. On WinXP, you would accomplish that by running "netsh int ipv6 uninstall"
     
  21. BenKenobe

    BenKenobe Registered Member

    Joined:
    Feb 20, 2010
    Posts:
    3
    Incorrect packet checksum is caused by checksum offloading in the NIC card configuration; it is not an error. The calculation is being done elsewhere so the sniffer can't see it and reports it as an error.
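
How the offloading explanation in the post above can be checked against a capture, as an added example that is not part of the original thread or ESET's code: with checksum offload enabled, a capture taken on the sending host sees outgoing packets before the NIC has written the checksum, so a mismatch on a received packet is the one worth investigating. The addresses, the sample headers and the `classify` labels are constructed for illustration.

```python
import socket
import struct

def ipv4_header_checksum(header: bytes) -> int:
    """RFC 1071 checksum of an IPv4 header, computed with the checksum field zeroed."""
    ihl = (header[0] & 0x0F) * 4                      # header length in bytes
    hdr = header[:10] + b"\x00\x00" + header[12:ihl]  # blank bytes 10-11 (checksum)
    total = sum(struct.unpack(f"!{ihl // 2}H", hdr))
    while total >> 16:                                # fold carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_header(src: str, dst: str, fill_checksum: bool = True) -> bytes:
    """Constructed sample: 20-byte IPv4 header carrying TCP, total length 40."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0x1234, 0x4000, 64, 6, 0,
                      socket.inet_aton(src), socket.inet_aton(dst))
    if fill_checksum:
        hdr = hdr[:10] + struct.pack("!H", ipv4_header_checksum(hdr)) + hdr[12:]
    return hdr

def classify(header: bytes, local_ip: str) -> str:
    """Triage one captured header on the host whose address is local_ip."""
    stored = struct.unpack("!H", header[10:12])[0]
    if stored == ipv4_header_checksum(header):
        return "ok"
    if socket.inet_ntoa(header[12:16]) == local_ip:
        return "likely-offload-artifact"   # sent by us, NIC had not filled it in yet
    return "bad-on-wire"                   # arrived from the network already wrong

LOCAL, REMOTE = "192.168.1.10", "192.168.1.20"        # constructed addresses

def demo():
    outgoing_unfilled = build_header(LOCAL, REMOTE, fill_checksum=False)
    incoming_good = build_header(REMOTE, LOCAL)
    damaged = bytearray(incoming_good)
    damaged[8] ^= 0x01                                # flip one TTL bit after checksumming
    return [classify(outgoing_unfilled, LOCAL),
            classify(incoming_good, LOCAL),
            classify(bytes(damaged), LOCAL)]

if __name__ == "__main__":
    print(demo())
```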
     
  22. CvP

    CvP Registered Member

    Joined:
    Jan 2, 2010
    Posts:
    13
    Yeah, makes sense. There are some options in nic properties titled "large send offload ...."

    I will test disabling them. but the question still remains: why will ESET not work with it? who in their right mind would want to calculate checksums on the pc when offloading to the nic is possible?
     
  23. a3_alin

    a3_alin Registered Member

    Joined:
    Mar 5, 2009
    Posts:
    59
    Location:
    Romania
    Same problem in all ess version... W7x32... direct internet connection...dynamic ip...
     
  24. steiner666

    steiner666 Registered Member

    Joined:
    Nov 24, 2009
    Posts:
    5
    Well, the thread i started last year seems pretty dead, but since everyone's having the same problem I'll just post here.

    After over half a year, I thought I'd come back through these forums and see if Eset has provided a solution for this problem. I figured "I'll just disable the firewall and use windows firewall for now, or just disable it when I need to transfer files at anything but a fraction of my available gigabit LAN speeds. It's a new OS, and sure they should have had plenty of time to test with the early builds of win7, but I'll give them some time to work this out."

    Obviously they have not fixed it - it doesn't even appear that they've actually acknowledged that there is any sort of problem at all.

    It's so frustrating that the security program that I have been recommending to customers for years (and pre-installing trial versions on their PCs) is so obviously flawed with an OS that's increasing in popularity by leaps and bounds. I've already had a few customers come to me with problems with slow LAN transfers. When i tell them that the only solution is to disable the firewall and leave it disabled for as long as they want to see full network speed, their resounding question is always: "Then what the hell am I paying for one for?"

    I'd like to echo that question here. WTF, should I start recommending Kaspersky or others because of Eset's obvious lack of support or concern for widespread issues like this? Is anything being done about it? Because all the "support" i'm seeing in every thread about this problem goes something like this:

    - "Post a Wireshark/firewall log."

    - "Try updating"

    - *lengthy silence*

    I've even tried formatting and reinstalling Win7 JUST because of this issue. I've tried x64 and x86, I've updated everything, reinstalled everything. Through all of this i've learned one all-important fact that might help us cut through the typical BS procedure listed above so that we can maybe start getting to the source of the problem:

    This happens on every single PC running any version of Microsoft Windows 7 that is also running Eset Smart Security (any version). I've tried it on fresh win7 installs (basic/pro/ultimate x64/x86 of all), pre-installed win7 (think they were all basics tho), existing win7 installations, everything. Basically, on any PC with windows7 that came through my office to be worked on it in the past few months (dozens i'd say) - I would try installing ESS4 on it and transferring files across the network. End result = none moved files at anything but a crawl.
     
    Last edited: Mar 19, 2010
  25. robis

    robis Registered Member

    Joined:
    Mar 21, 2009
    Posts:
    149
    A long time ago I had the same issue as you.

    For me the fix was to uninstall ESET SS (meaning totally uninstall with settings ... somewhere in the forum you will find how ... meaning somewhere a KB is written)
    and install again - for me this caused wrong firewall settings
     