In this post we will calculate the IP checksum. Unlike the
UDP and TCP checksum, IP header checksum does not use a pseudo header.
Reprinted with permission from tcpipguide.com
Considering the above, let’s craft an IP Packet in scapy. We have the following:
Let’s see what the receiving host got from a wireshark perspective
Reprinted with permission from tcpipguide.com
Considering the above, let’s craft an IP Packet in scapy. We have the following:
Let’s see what the receiving host got from a wireshark perspective
Note from the above image Wireshark has already computed the IP checksum for us. Now let’s try to see if we can get the same value as Wireshark.
So from the information we have, we can go ahead and calculate
our IP checksum. Also when adding, these values needs to be added 16 bits or 2
bytes at a time
P.S. Just recognized an error. Above (in the blue section) where it says "prepend hex 000 to I CA 39", I believe I should have said "prepend 000 to hex 2 06 b3".
Voila!!! That’s it our IP Checksum is 0xF9 4A which matches what Wireshark provided us above.
Voila!!! That’s it our IP Checksum is 0xF9 4A which matches what Wireshark provided us above.
Hope this helps someone who wanted to know how to calculate
the IP Header Checksum
References:
https://www.ietf.org/rfc/rfc791.txt
http://www.secdev.org/projects/scapy/
https://www.wireshark.org/
http://www.tcpipguide.com/free/t_IPDatagramGeneralFormat.htm
http://www.secdev.org/projects/scapy/
https://www.wireshark.org/
http://www.tcpipguide.com/free/t_IPDatagramGeneralFormat.htm
No comments:
Post a Comment