Monday, August 3, 2015

Calculating the UDP Checksum, with a taste of scapy + Wireshark

In this post we will calculate the UDP checksum. To calculate the UDP checksum we first must understand, in addition to its own header, UDP checksum uses a pseudo header. This pseudo header consists of the original source IP, destination IP, reserved (identified as 0000 0000), protocol (x11) and the length from the UDP header.

UDP pseudo header. Reprinted with permission from

UDP header: Reprinted with permission from

Considering the above, let us craft a UDP Packet in scapy. We have the following
Source IP =
Destination =
UDP source port = 20
UDP destination port = 10
Data (2 bytes) = “Hi”

Let’s see what the receiving host got from a Wireshark perspective

Note from the above image, Wireshark has already computed the UDP checksum for us. Now let’s try to see if we can get the same value as Wireshark.

So from the information we have, we can go ahead and build out pseudo header. Also when adding, these values needs to be added 16 bits or 2 bytes at a time.

That’s it our UDP Checksum is 0x35C5 which matches what Wireshark provided us above.
Hope this helps someone who wanted to know how to calculate the UDP Checksum