Reputation: 3
I am trying to calculate the checksum of the following packet: A TCP packet captured with Wireshark
But I never managed to get the correct checksum (0x67ea).
I tried to calculate it as follows (of course using one's complement sum):
source IP + destination IP + TCP protocol + (TCP header length + payload length) + payload
c0a8 + ae80 + c0a8 + ae01 + 0006 + 0026 + 6c69 + 646f + 720a = 420df
With the one's complement: 4 + 20df = 20e3
not(20e3) = df1c
Which is definitely not the current checksum.
I also notice that every time I send the same payload, the checksum is changing so I guess it can't be those same unchanging variables and it must be more (for example timestamp..).
What are the exact parameters and the formula that the checksum uses? And how can I calculate it?
Thanks for your help!
Upvotes: 0
Views: 3273
Reputation:
You might've overlooked the TCP fixed header and TCP options. These bytes also contribute to the checksum (not just the TCP payload). Please note that the TCP checksum field (ddff) is replaced with 0 for correct calculation.
IPv4 SRC + IPv4 DST + IPv4 Protocol + TCP Segment Length +
TCP Fixed Header (with checksum field set to 0) +
TCP Options +
TCP Payload
gives you
c0a8 + ae80 + c0a8 + ae01 + 0006 + 0026 +
115c + dcba + 28d5 + 41da + 64e8 + 6a10 + 8018 + 01fe + 0000 (csum) + 0000 +
0101 + 080a + 5c86 + c6f8 + bd62 + e36f +
6c69 + 646f + 720a
which equals 9980c. Next, 9 + 980c = 9815, and, finally, this will give you 67ea.
Upvotes: 1
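The calculation from the answer above, as an added Python example that is not part of the original posts. The byte strings are the hex words quoted in the answer; the function and constant names are chosen here for illustration.

```python
import struct

# Bytes taken from the hex words in the answer above; the checksum field
# (offset 16-17) holds ddff, the value the answer says is replaced with 0.
SRC_IP = bytes.fromhex("c0a8ae80")
DST_IP = bytes.fromhex("c0a8ae01")
SEGMENT = bytes.fromhex(
    "115cdcba28d541da64e86a10801801fe" "ddff0000"   # fixed header
    "0101080a5c86c6f8bd62e36f"                      # options
    "6c69646f720a"                                  # payload
)
CSUM_OFF = 16  # offset of the checksum field in the TCP header


def fold_sum(data: bytes) -> int:
    """16-bit one's-complement sum with end-around carry."""
    if len(data) % 2:          # odd length: pad with one zero byte
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:         # fold carries back in (9980c -> 9815)
        total = (total & 0xFFFF) + (total >> 16)
    return total


def pseudo_header(src: bytes, dst: bytes, tcp_len: int) -> bytes:
    """IPv4 pseudo-header: src, dst, zero byte, protocol 6, TCP length."""
    return src + dst + struct.pack("!BBH", 0, 6, tcp_len)


def tcp_checksum(src: bytes, dst: bytes, segment: bytes) -> int:
    """Checksum the sender would write: field zeroed, sum complemented."""
    zeroed = segment[:CSUM_OFF] + b"\x00\x00" + segment[CSUM_OFF + 2:]
    return ~fold_sum(pseudo_header(src, dst, len(segment)) + zeroed) & 0xFFFF


def is_valid(src: bytes, dst: bytes, segment: bytes) -> bool:
    """Receiver-side check: summing everything as-is must give ffff."""
    return fold_sum(pseudo_header(src, dst, len(segment)) + segment) == 0xFFFF


if __name__ == "__main__":
    good = tcp_checksum(SRC_IP, DST_IP, SEGMENT)
    fixed = SEGMENT[:CSUM_OFF] + struct.pack("!H", good) + SEGMENT[CSUM_OFF + 2:]
    print(hex(good), is_valid(SRC_IP, DST_IP, SEGMENT), is_valid(SRC_IP, DST_IP, fixed))
```

Because the sequence and acknowledgement numbers and the timestamp option are part of the summed bytes, the result differs between segments even when the payload is identical.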