diff --git a/Cargo.lock b/Cargo.lock
index a38385e..0ec259b 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -1433,6 +1433,7 @@ checksum = "94143f37725109f92c262ed2cf5e59bce7498c01bcc1502d7b9afe439a4e9f49"
 name = "sdlan-rs"
 version = "0.1.0"
 dependencies = [
+ "crc",
  "dashmap 6.1.0",
  "dns-lookup",
  "etherparse",
diff --git a/Cargo.toml b/Cargo.toml
index e7b6919..6ce65bc 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -4,6 +4,7 @@ version = "0.1.0"
 edition = "2021"
 
 [dependencies]
+crc = "3.2.1"
 dashmap = "6.0.1"
 dns-lookup = "2.0.4"
 etherparse = "0.15.0"
diff --git a/src/network/arp.rs b/src/network/arp.rs
index 0c3ae23..d6c3063 100644
--- a/src/network/arp.rs
+++ b/src/network/arp.rs
@@ -13,6 +13,8 @@ use tokio::sync::{
     oneshot,
 };
 
+use crate::utils::CRC_HASH;
+
 use super::{get_edge, get_route_table};
 
 static GLOBAL_ARP: OnceCell<ArpActor> = OnceCell::new();
@@ -87,7 +89,7 @@ impl ArpHdr {
     }
 
     pub fn marshal_to_bytes(&self) -> Vec<u8> {
-        let mut result = Vec::with_capacity(42);
+        let mut result = Vec::with_capacity(64);
         result.extend_from_slice(&self.ethhdr.dest);
         result.extend_from_slice(&self.ethhdr.src);
         result.extend_from_slice(&self.ethhdr.eth_type.to_be_bytes());
@@ -103,6 +105,10 @@ impl ArpHdr {
         result.extend_from_slice(&self.dhwaddr);
         result.extend_from_slice(&self.dipaddr[0].to_be_bytes());
         result.extend_from_slice(&self.dipaddr[1].to_be_bytes());
+        result.extend_from_slice(&[0; 18]);
+
+        let crc = CRC_HASH.checksum(&result).to_be_bytes();
+        result.extend_from_slice(&crc);
 
         result
     }
diff --git a/src/network/async_main.rs b/src/network/async_main.rs
index b341187..681fb5c 100644
--- a/src/network/async_main.rs
+++ b/src/network/async_main.rs
@@ -14,7 +14,7 @@ use crate::pb::{
     SdlRegisterSuperAck, SdlRegisterSuperNak, SdlSendRegisterEvent, SdlStunRequest, Sdlv6Info,
 };
 use crate::tcp::{init_tcp_conn, EventType, NakMsgCode, PacketType, SdlanTcp};
-use crate::utils::{send_to_sock, CommandLine};
+use crate::utils::{send_to_sock, CommandLine, CRC_HASH};
 use crate::ConnectionState;
 use etherparse::ether_type::ARP;
 use etherparse::{Ethernet2Header, IpHeaders};
@@ -661,12 +661,14 @@ async fn edge_send_packet_to_net(eee: &Node, data: &[u8]) {
                     etherheader.destination = mac;
                     etherheader.ether_type = etherparse::EtherType::IPV4;
                     etherheader.source = src_mac;
-                    let mut packet = Vec::with_capacity(14 + data.len());
+                    let mut packet = Vec::with_capacity(14 + data.len() + 4);
                     packet.extend_from_slice(&etherheader.to_bytes()[..]);
                     packet.extend_from_slice(&data);
+                    let crc = CRC_HASH.checksum(&packet);
+                    packet.extend_from_slice(&crc.to_be_bytes());
 
                     let pkt_size = packet.len();
-                    println!("sending data with mac");
+                    // println!("sending data with mac");
 
                     let Ok(encrypted) = aes_encrypt(&encrypt_key, &packet) else {
                         error!("failed to encrypt packet request");
diff --git a/src/network/packet.rs b/src/network/packet.rs
index 59299a9..60bf5e3 100644
--- a/src/network/packet.rs
+++ b/src/network/packet.rs
@@ -4,7 +4,10 @@ use std::{
     time::Duration,
 };
 
-use crate::{network::send_packet_to_net, utils::mac_to_string};
+use crate::{
+    network::send_packet_to_net,
+    utils::{mac_to_string, CRC_HASH},
+};
 
 use crate::{
     config::{NULL_MAC, REGISTER_INTERVAL},
@@ -767,6 +770,17 @@ async fn handle_tun_packet(
     debug!("got packet from sock, will send to tun");
     match Ethernet2Header::from_slice(&data) {
         Ok((hdr, rest)) => {
+            if rest.len() < 4 {
+                error!("payload length error");
+                return;
+            }
+            let crc_code = &rest[(rest.len() - 4)..rest.len()];
+            let rest = &rest[..(rest.len() - 4)];
+            let crc_hash: crc::Crc<u32> = crc::Crc::<u32>::new(&crc::CRC_32_CKSUM);
+            let ck = CRC_HASH.checksum(&data[..(data.len()) - 4]);
+            let sent_ck = u32::from_be_bytes(crc_code.try_into().unwrap());
+            debug!("ck = {}, sent_ck = {}", ck, sent_ck);
+
             debug!("ip size is {}", rest.len());
             let edge = get_edge();
             let self_mac = edge.device_config.get_mac();
@@ -868,7 +882,7 @@ async fn handle_tun_packet(
                         debug!("send to tun {} bytes", size);
                     }
                     Err(e) => {
-                        error!("failed to send to device");
+                        error!("failed to send to device: {}", e.to_string());
                     }
                 }
                 // edge.tun.send_data_to_tun(Vec::from(hdr.1)).await;
diff --git a/src/utils/mod.rs b/src/utils/mod.rs
index d146c0b..daee6f4 100644
--- a/src/utils/mod.rs
+++ b/src/utils/mod.rs
@@ -9,6 +9,8 @@ pub use socks::*;
 mod pid_recorder;
 pub use pid_recorder::PidRecorder;
 
+pub const CRC_HASH: crc::Crc<u32> = crc::Crc::<u32>::new(&crc::CRC_32_CKSUM);
+
 pub fn mac_to_string(mac: &Mac) -> String {
     format!(
         "[{:02x}:{:02x}:{:02x}:{:02x}:{:02x}:{:02x}]",