Monday, August 3, 2015

Calculating the TCP Checksum, with a taste of scapy + Wireshark

In this post we will calculate the TCP checksum. To calculate the TCP checksum we first must understand that in addition to its own header, TCP checksum uses a pseudo header. This pseudo header consists of the original source IP, destination IP, reserved (identified as 0000 0000), protocol (x06) and the length from the TCP header.

TCP pseudo header: reprinted with permission from

TCP Header: reprinted with permission from

Considering the above, let us craft a TCP Packet in scapy. We have the following
Source IP =
Destination =
TCP source port = 20
TCP destination port = 10
Data (2 bytes) = “Hi”

Let’s see what the receiving host got from a wireshark perspective

Note from the above image wireshark has already computed the TCP checksum for us. Now let’s try to see if we can get the same value as wireshark.

So from the information we have, we can go ahead and build out pseudo header. Also when adding, these values needs to be added 16 bits or 2 at a time

That’s it our TCP Checksum is 0XC5C1 which matches what wireshark provided us above.
Hope this helps someone who wanted to know how to calculate the TCP Checksum

No comments:

Post a Comment