Monday, August 3, 2015

Calculating the UDP Checksum, with a taste of scapy + Wireshark


In this post we will calculate the UDP checksum. To calculate the UDP checksum we first must understand that in addition to its own header, UDP checksum uses a pseudo header. This pseudo header consists of the original source IP, destination IP, reserved (identified as 0000 0000), protocol (x11) and the length from the UDP header.








UDP pseudo header. Reprinted with permission from tcpipguide.com











UDP header: Reprinted with permission from tcpipguide.com

Considering the above, let us craft a UDP Packet in scapy. We have the following
Source IP = 192.168.0.31
Destination = 192.168.0.30
UDP source port = 20
UDP destination port = 10
Data (2 bytes) = “Hi”


Let’s see what the receiving host got from a wireshark perspective



Note from the above image wireshark has already computed the UDP checksum for us. Now let’s try to see if we can get the same value as wireshark

So from the information we have, we can go ahead and build out pseudo header. Also when adding, these values needs to be added 16 bits or 2 at a time.




























That’s it our UDP Checksum is 0x35C5 which matches what wireshark provided us above.
Hope this helps someone who wanted to know how to calculate the UDP Checksum

References:

No comments:

Post a Comment