Monday, August 3, 2015

Calculating the IP Checksum, with a taste of scapy + Wireshark

In this post we will calculate the IP checksum. Unlike the UDP and TCP checksum, IP header checksum does not use a pseudo header.

Reprinted with permission from

Considering the above, let’s craft an IP Packet in scapy. We have the following:

Let’s see what the receiving host got from a wireshark perspective

Note from the above image Wireshark has already computed the IP checksum for us. Now let’s try to see if we can get the same value as Wireshark.

So from the information we have, we can go ahead and calculate our IP checksum. Also when adding, these values needs to be added 16 bits or 2 bytes at a time

P.S. Just recognized  an error. Above (in the blue section) where it says "prepend hex 000 to I CA 39", I believe I should have said "prepend 000 to hex 2 06 b3".

Voila!!! That’s it our IP Checksum is 0xF9 4A which matches what Wireshark provided us above.

Hope this helps someone who wanted to know how to calculate the IP Header Checksum


No comments:

Post a Comment