TCP/UDP Checksum Offload on RealTek NIC

I just wanted to do my cousin a favor and take look at his new computer he bought at a local IT store. He told me it’s kinda slow. Unfortunately, tt wasn’t just taking a look…

Characteristics of the problem

Newly installed, and also installed again using a recovery DVD, the computer had hangs by surfing the internet. Slow speed, some Websites did not load, mostly HTTPS SSL sites. In his case it was the eBanking software that didn’t work.

Troubleshooting

My first tought was Anti-Virus software, Firewalls: no success. Anti-Virus is not scanning traffinc, Windows Firewall has rules that allow all out- and the right incoming traffic.

Second tought:Computer is slow because he’s downloading over 100 windows updates in background. I took the time and downloaded all updates, installed them. Maybe one of the updates solves the problem. No success.

Third tought: there must be any tool blocking the traffic. I’ve unstalled mostly everything I didn’t know until today, disabled every senseless service. No success.

Fourth tought: Network issues. BANG! Success. Here’s how I analyzed that.

Analyze the unsuccessful network connections

Because Teamviewer didn’t work too, I decided to use that tool to produce the example traffic that will be analyzed. But that will work with an HTTPS site as well, I’m sure.

Network Traffic logging:

  • download Wireshark, install directly on Computer
  • Start Wireshark with no filters, without promisc. mode
  • start Teamviewer and wait until connections is established
  • stop Wireshark logging
  • set and apply a filter “ip.addr == my.computers.ip.address”

Teamviewer normally quickly connects to his servers and gives you a green light on the left bottom pane to tell you it’s ready to get help. On the computer with the issue, Teamviewer started with a red light, went to orange and tried to connect. Some seconds later it went back to red, then orange and finally green.

The analyzed traffic in Wireshark had a lot of black lines from local IP to an Internet IP of Wireshark. If I selected such a packet and opened the TCP part in the middle pane, it looked like this:

Nice from Wireshark, it tells me directly what’s wrong here. But what’s checksum offload?! After a search on Wikipedia:

TCP offload engine or TOE is a technology used in network interface cards (NIC) to offload processing of the entire TCP/IP stack to the network controller. It is primarily used with high-speed network interfaces, such as gigabit Ethernet and 10 Gigabit Ethernet, where processing overhead of the network stack becomes significant.

Source: http://en.wikipedia.org/wiki/TCP_offload_engine

Nice, but my NIC is a default 1GBit/s one connected to my DSL (5MBit/s). Don’t need that stuff here. How does that come, a manufacturer thinks it’s neccessary to implement such Server / Datacenter Features on a normal Workstation? Yes for IT Guys it’s nice to have, but shall that be enabled by default?

Disable TCP Checksum Offload

To disable Offloading, I opened the Network Card’s Advanced Settings

Step 1, open Network Properties:

and then press “configure” (“Konfigurieren” in the German Snapshot).

Step 2, in the next dialog go to advanced (“Erweitert”) and search for TCP offloading. There’s a lot about offloading, but what we need is TCP and UDP checksum offloading on IPv4.

Left side “Eigenschaft” means “Property” and right side “Wert” means “Value”. The value of “TCP Prüfsummenabladung” (means TCP checksum offloading) is set to “Rx & Tx aktiviert” (Rx & Tx activated).

After setting this to disabled for both TCP and UDP, everything went back to normal. Teamviewer works, eBanking works, everything. Wireshark also just logs valid successful connections from now on.

Weird experience.

Advertisements

Customize Windows 7 Logon Background

Every PC has the same logon screen, why not change that for yours? It really easy, but needs admin rights on the computer.

Requirements:

  • you need a picture that suits your screen i.e. 4:3 or 16:9 or whatever
  • the pic should be a JPG and smaller in size than 256kb
  • admin rights on the computer

What you have to do:

  • create or open existing folder: “%windir%\system32\oobe\info\backgrounds”
  • put your JPEG in here and name it “backgroundDefault.jpg”
  • use regedit and go to HKLM\Software\Microsoft\Windows\CurrentVersion\Authentication\LogonUI\Background
  • edit or create DWORD “OEMBackground” with a value of “1” / 0x1

This change is immediately activated, just lock the screen and check out if the picture shows up. If you’re having troubles feel free to ask here using the comment function.

SHA-256, 384 or 512 for Thunderbird’s Enigmail

My favorite GPG/PGP Thunderbird Plugin uses SHA1 hashes per default. I’ve tried to change it but found no easy way using the menu options. Thanks to Scuba Instructor for telling us how to change it:

SHA-1 is the default hash algorithm for Thunderbird’s Enigmail. As it looks like SHA-1 isn’t secure anymore you should use at least SHA-256 which might be the future strandard algorithm. Here is what you need to do:

Start Thunderbird, click Edit -> Preferences. Go to the Config Editor. Locate extensions.enigmail.mimeHashAlgorithm. Set the value to 3, 4 or 5. Default is 0 which means SHA-1. If you set it to 3 Enigmail will use SHA-256, 4 means SHA-384 and 5 SHA-512. If you set the value to 2 Enigmail will use RIPEMD-160. Not a bad choice either.

Source: jandives.wordpress.com/2011/06/18/sha-256-for-thunderbirds-enigmail

— Update Jun 13, 2014

Newer Versions of Enigmail seem to have issues by signing / encrypting Umlaute (German for Characters like äüö). As a workaround, just configure outgoing emails to UTF-8 instead ISO-8859-1. To do so:

  • Open Thunderbird Settings
  • Go to Tab “Display” -> “Formatting”
  • click on “Advanced” at Fonts
  • change “outgoing mail” to UTF-8 encoding

This should help.