Monday, August 3, 2015

Calculating the UDP Checksum, with a taste of scapy + Wireshark


In this post we will calculate the UDP checksum. To calculate the UDP checksum we first must understand, in addition to its own header, UDP checksum uses a pseudo header. This pseudo header consists of the original source IP, destination IP, reserved (identified as 0000 0000), protocol (x11) and the length from the UDP header.








UDP pseudo header. Reprinted with permission from tcpipguide.com











UDP header: Reprinted with permission from tcpipguide.com

Considering the above, let us craft a UDP Packet in scapy. We have the following
Source IP = 192.168.0.31
Destination = 192.168.0.30
UDP source port = 20
UDP destination port = 10
Data (2 bytes) = “Hi”




Let’s see what the receiving host got from a Wireshark perspective



Note from the above image, Wireshark has already computed the UDP checksum for us. Now let’s try to see if we can get the same value as Wireshark.

So from the information we have, we can go ahead and build out pseudo header. Also when adding, these values needs to be added 16 bits or 2 bytes at a time.


































That’s it our UDP Checksum is 0x35C5 which matches what Wireshark provided us above.
Hope this helps someone who wanted to know how to calculate the UDP Checksum

References:

9 comments:

  1. This comment has been removed by the author.

    ReplyDelete
  2. the tutorial helped loads! Thank you!

    ReplyDelete
  3. This tutorial helped me to check that my checksum calculator program worked. It was very helpful :)

    ReplyDelete
  4. To calculate the UDP checksum we first must understand, in addition to its own header, UDP checksum uses a pseudo header. matrix calculator can be of great use here to make it easy.

    ReplyDelete