How are these values calculated in Python Scapy?
Question:
I am curious about the values of the chksum and how it is calculated.
###[ IP ]###
chksum = 0x95d3
###[ UDP ]###
chksum = 0x1a77
What is chksum=0x1a77 and chksum=0x95d3 how are they calculated in python Scapy? I need some explanation for these values.
Answers:
The value is a CheckSum, and they are used to verify that a sequence of data has or has not changed since the last time the checksum was calculated. The network packet/segment has a checksum field in the header, and when your system recieves the datagram, it recalculates the checksum to determine whether it is still equal to to value in the header field. If it is, then you can make a basic inference that the data is unchanged. Checksums are a weak validation, but they are cheap to perform, so for the right task, they can provide a good balance for verifying data integrity vs effort required.
The mechanism is similar for the IP, TCP, and UDP checksums.
From RFC 791 page 14 (IP):
Header Checksum: 16 bits
A checksum on the header only. Since some header fields change
(e.g., time to live), this is recomputed and verified at each point
that the internet header is processed.
The checksum algorithm is:
The checksum field is the 16 bit one's complement of the one's
complement sum of all 16 bit words in the header. For purposes of
computing the checksum, the value of the checksum field is zero.
This is a simple to compute checksum and experimental evidence
indicates it is adequate, but it is provisional and may be replaced
by a CRC procedure, depending on further experience.
from RFC 768 page 2 (UDP):
Checksum is the 16-bit one's complement of the one's complement sum of
a pseudo header of information from the IP header, the UDP header, and
the data, padded with zero octets at the end (if necessary) to
make a multiple of two octets.
From RFC 793 page 16 (TCP):
Checksum: 16 bits
The checksum field is the 16 bit one's complement of the one's
complement sum of all 16 bit words in the header and text. If a
segment contains an odd number of header and text octets to be
checksummed, the last octet is padded on the right with zeros to
form a 16 bit word for checksum purposes. The pad is not
transmitted as part of the segment. While computing the checksum,
the checksum field itself is replaced with zeros.
and the efficient calculation of the checksum is discussed in RFC 1071 "Computing the Internet Checksum". Its somewhat involved, but the math behind the theory and some code implementations are contained therein.
I am curious about the values of the chksum and how it is calculated.
###[ IP ]###
chksum = 0x95d3
###[ UDP ]###
chksum = 0x1a77
What is chksum=0x1a77 and chksum=0x95d3 how are they calculated in python Scapy? I need some explanation for these values.
The value is a CheckSum, and they are used to verify that a sequence of data has or has not changed since the last time the checksum was calculated. The network packet/segment has a checksum field in the header, and when your system recieves the datagram, it recalculates the checksum to determine whether it is still equal to to value in the header field. If it is, then you can make a basic inference that the data is unchanged. Checksums are a weak validation, but they are cheap to perform, so for the right task, they can provide a good balance for verifying data integrity vs effort required.
The mechanism is similar for the IP, TCP, and UDP checksums.
From RFC 791 page 14 (IP):
Header Checksum: 16 bits A checksum on the header only. Since some header fields change (e.g., time to live), this is recomputed and verified at each point that the internet header is processed. The checksum algorithm is: The checksum field is the 16 bit one's complement of the one's complement sum of all 16 bit words in the header. For purposes of computing the checksum, the value of the checksum field is zero. This is a simple to compute checksum and experimental evidence indicates it is adequate, but it is provisional and may be replaced by a CRC procedure, depending on further experience.
from RFC 768 page 2 (UDP):
Checksum is the 16-bit one's complement of the one's complement sum of a pseudo header of information from the IP header, the UDP header, and the data, padded with zero octets at the end (if necessary) to make a multiple of two octets.
From RFC 793 page 16 (TCP):
Checksum: 16 bits The checksum field is the 16 bit one's complement of the one's complement sum of all 16 bit words in the header and text. If a segment contains an odd number of header and text octets to be checksummed, the last octet is padded on the right with zeros to form a 16 bit word for checksum purposes. The pad is not transmitted as part of the segment. While computing the checksum, the checksum field itself is replaced with zeros.
and the efficient calculation of the checksum is discussed in RFC 1071 "Computing the Internet Checksum". Its somewhat involved, but the math behind the theory and some code implementations are contained therein.