Calculating tcp packet checksum

0
votes

i am following a guide in https://www.securitynik.com/2015/08/calculating-udp-checksum-with-taste-of_3.html

50 C7 BF 65 B5 CA 70 F3 95 00 A0 AF 08 00 45 00 00 28 3F 1C 40 00 80 06 00 00 C0 A8 01 A3 D2 F2 F3 65 C2 00 1A 4C 9F 5E 98 B7 70 8A A9 B8 50 10 40 18 88 BE 00 00

This is my packet..

source Ip 192.168.1.163 1100 0000 1010 1000 C0 A8 0000 0001 1010 0011 01 A3
dest IP 210.242.243.101 1101 0010 1111 0010 D2 F2 1111 0011 0110 0101 F3 65

TCP pro 0/6 0000 0000 0000 0110 00 06

Padding Length 0000 0000 0001 1110 00 14 ? (Not sure)

S-Port 49664 1100 0010 0000 0000 C2 00

D-Port 6732 0001 1010 0100 1100 1A 4C

Seq # 2673776823 1001 1111 0101 1110 9F 5E 1001 1000 1011 0111 98 B7

Ack # 1888135608 0111 0000 1000 1010 70 8A 1010 1001 1011 1000 A9 B8

Flag # 0101 0000 0001 0000 50 10

Window # 16408 0100 0000 0001 1000 40 18 Sum: 5 86 49 Adding first byte: 86 4E in Binary: 1000 0110 0100 1110 Flip bit: 0111 1001 1011 0001 My checksum is 79 B1 but the packet checksum is 88 BE

the only info i was not sure of is the padding length.. which it was not explained well.. My understanding is.. it is either

by adding header length which in this case is 20 bytes + any payload bytes.. which there is none in my case.. so 14 in hex is 20 dec.. or maybe adding the flag number to it.. which 20 + 10 is 30.. i also tried both and the checksum still doesn't match?

Is my math wrong? or logic wrong..

Thanks for your help..

Chelvan.

1
tcppacket

1 Answers

1
votes

IPv4 uses the checksum to detect corruption of packet headers at network layer. The TCP applies at transport layer an extra checksum to protect the packet payload as an addition to the header-checksum of IP. 12-byte TCP pseudo header is created prior to TCP checksum calculation. TCP pseudo header length comprises source address(4 byte), destination address(4 byte), reserved(1 byte), protocol(1 byte), TCP segment length(2 byte).

Pseudo header as 12 byte / 96 bits is placed before the the TCP segment then, the checksum is computed over the entire set of data (pseudo header plus TCP segment). The value of the checksum is placed into the Checksum field of the TCP header, and the pseudo header is discarded.

Calculation algorithm for the TCP and IPv4 checksums is the same. The data is processed 16 bits or 2 bytes at a time and those 16 bits as words are added using the ones-complement arithmetic. At the end of additions, the result is negated in ones-complement by taking the binary not, and the result is stored in TCP header by the source endpoint. At destination endpoint same calculation is repeated by setting the checkum to zero.

You can try to calculate it using below method from this utility class 

public static short checksum( byte[] source ,byte[] destination ,byte protocol,
                              short  length ,
                              byte[] message ,
                              int offset )