In this post we will calculate the UDP checksum. To calculate the UDP checksum we first must understand, in addition to its own header, UDP checksum uses a pseudo header. This pseudo header consists of the original source IP, destination IP, reserved (identified as 0000 0000), protocol (x11) and the length from the UDP header.
UDP header: Reprinted with permission from tcpipguide.com
Considering the above, let us craft a UDP Packet in scapy. We have the following
Source IP = 192.168.0.31
Destination = 192.168.0.30
UDP source port = 20
UDP destination port = 10
Data (2 bytes) = “Hi”
Destination = 192.168.0.30
UDP source port = 20
UDP destination port = 10
Data (2 bytes) = “Hi”
Let’s see what the receiving host got from a Wireshark perspective
Note from the above image, Wireshark has already computed the UDP checksum for us. Now let’s try to see if we can get the same value as Wireshark.
So from the information we have, we can go ahead and build out pseudo header. Also when adding, these values needs to be added 16 bits or 2 bytes at a time.
That’s it our UDP Checksum is 0x35C5 which matches what Wireshark provided us above.
Hope this helps someone who wanted to know how to calculate
the UDP Checksum
References:
http://www4.ncsu.edu/~mlsichit/Teaching/407/Resources/udpChecksum.html
http://www.tcpipguide.com/free/t_UDPMessageFormat-2.htm
http://www.secdev.org/projects/scapy/
https://www.wireshark.org/
https://www.ietf.org/rfc/rfc768.txt
http://www.secdev.org/projects/scapy/
https://www.wireshark.org/
https://www.ietf.org/rfc/rfc768.txt
This comment has been removed by the author.
ReplyDeleteReally ???? so sad :p
DeleteThank you for this tutorial.
ReplyDeleteSonu,
DeleteYou are welcome!
the tutorial helped loads! Thank you!
ReplyDeleteReally happy you found it beneficial.
DeleteThis tutorial helped me to check that my checksum calculator program worked. It was very helpful :)
ReplyDeleteI'm glad you found it helpful lechercheur123!
DeleteTo calculate the UDP checksum we first must understand, in addition to its own header, UDP checksum uses a pseudo header. matrix calculator can be of great use here to make it easy.
ReplyDeletethank you
ReplyDeleteCan I ask, how I know the value Reserved/UDP Protocol and Padding/UDP Protocol. And my Wireshark file doesnt show "Data", it shows "UDP Payload", can I take it as Data value?
ReplyDeleteSorry for the late response. There is no value for reserved. Hence the reason it is "reserved".
Delete