CODEWITHSUNDEEP
pythonnetwork-programmingipscapy
user20486964
user20486964

Reputation:

How are these values calculated in Python Scapy?

I am curious about the values of the chksum and how it is calculated.

###[ IP ]### 
     chksum    = 0x95d3

###[ UDP ]### 
     chksum    = 0x1a77

What is chksum=0x1a77 and chksum=0x95d3 how are they calculated in python Scapy? I need some explanation for these values.

Upvotes: 0

Views: 120

Answers (1)

Frank Thomas
Frank Thomas

Reputation: 2514

The value is a CheckSum, and they are used to verify that a sequence of data has or has not changed since the last time the checksum was calculated. The network packet/segment has a checksum field in the header, and when your system recieves the datagram, it recalculates the checksum to determine whether it is still equal to to value in the header field. If it is, then you can make a basic inference that the data is unchanged. Checksums are a weak validation, but they are cheap to perform, so for the right task, they can provide a good balance for verifying data integrity vs effort required.

The mechanism is similar for the IP, TCP, and UDP checksums.

From RFC 791 page 14 (IP):

Header Checksum:  16 bits

A checksum on the header only.  Since some header fields change
(e.g., time to live), this is recomputed and verified at each point
that the internet header is processed.

The checksum algorithm is:

  The checksum field is the 16 bit one's complement of the one's
  complement sum of all 16 bit words in the header.  For purposes of
  computing the checksum, the value of the checksum field is zero.

This is a simple to compute checksum and experimental evidence
indicates it is adequate, but it is provisional and may be replaced
by a CRC procedure, depending on further experience.

from RFC 768 page 2 (UDP):

Checksum is the 16-bit one's complement of the one's complement sum of
a pseudo header of information from the IP header, the UDP header, and
the data,  padded  with zero octets  at the end (if  necessary)  to 
make  a multiple of two octets.

From RFC 793 page 16 (TCP):

Checksum:  16 bits

The checksum field is the 16 bit one's complement of the one's
complement sum of all 16 bit words in the header and text.  If a
segment contains an odd number of header and text octets to be
checksummed, the last octet is padded on the right with zeros to
form a 16 bit word for checksum purposes.  The pad is not
transmitted as part of the segment.  While computing the checksum,
the checksum field itself is replaced with zeros.

and the efficient calculation of the checksum is discussed in RFC 1071 "Computing the Internet Checksum". Its somewhat involved, but the math behind the theory and some code implementations are contained therein.

Upvotes: 1

Related Questions