This article was previously published under Q243294
When you view a capture created in the Network Monitor tool, the checksum for the TCP header may show as being corrupted.
This behavior occurs because some Network Driver Interface Specification (NDIS) drivers allow Windows to offload the computation of checksums to the network adapter itself.
This feature was added to remove the computationally expensive checksum calculation operation from the main CPU, which generally results in improved performance. Network Monitor installs its filter driver between the NDIS driver for the network adapter and the TCP/IP stack. This results in captures of packets that are sent from the TCP/IP stack to the network driver being shown as having invalid checksums because they have not been calculated yet. The packet checksum is calculated before being sent to the network, which is why communication continues. The other computer has no knowledge of how or where the checksum is performed, only that the value is correct.
It is generally not a good idea to capture from one of the computers involved in the communication stream. Because this affects only the data from the specific computer, this should not adversely affect a capture.
netmon.exe nic interface card error offloading sniffer protocol analyzer