
How to recalculate IP checksum with scapy? [duplicate]

Possible Duplicate:
How to calculate a packet checksum without sending it?

I've spoofed a source IP and MAC address in a captured packet, but now I need to recalculate the checksum so that it checks out once it's been received (after being injected into the network of course). I didn't really want to implement the checksum myself, and I was thinking that scapy could do this for me. I read that the show2() function should recalculate the checksum, but I can't seem to get it to work.

So, how can I use scapy to recalculate (and replace) the checksum for a captured + spoofed packet?

Thanks!

Mr. Shickadance asked May 24 '11 15:05



2 Answers

As shown here, you have to delete the .chksum attribute before calling the show2() method from scapy.

Cédric Julien answered Oct 04 '22 01:10


Let's say for argument's sake that we're processing an IP header and want to recalculate the checksum after the next hop:

>>> iph = IP(import_hexcap())
0000 4500 0064 000f 0000 fe01 3726 c0a8 0108
0010 c0a8 030b
>>> iph.ttl = iph.ttl - 1
>>> del iph.chksum
>>> iph.show2()
###[ IP ]###
version= 4L
ihl= 5L
tos= 0x0
len= 100
id= 15
flags= 
frag= 0L
ttl= 253
proto= icmp
chksum= 0x3826
src= 192.168.1.8
dst= 192.168.3.11
options= 

The .chksum field has your answer.

Michael Foukarakis answered Oct 04 '22 02:10
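The following is an added example, not code from either answer: it recomputes the IPv4 header checksum by hand (RFC 1071) for the header bytes shown in the session above, so the value scapy fills in after `del iph.chksum` can be checked independently, and it shows the receiver-side validity test. The function names are hypothetical; `scapy_recalc` assumes scapy is installed, the rest uses only the standard library.

```python
import struct

# IPv4 header from the answer above (20 bytes, no options), before the TTL change.
HEADER = bytes.fromhex("45000064000f0000fe013726c0a80108c0a8030b")

def ones_complement_sum(data: bytes) -> int:
    """16-bit one's-complement sum of data (RFC 1071), carries folded back in."""
    if len(data) % 2:
        data += b"\x00"  # pad odd-length input with a zero byte
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total

def ip_checksum(header: bytes) -> int:
    """Checksum of an IPv4 header, computed with the checksum field (bytes 10-11) zeroed."""
    zeroed = header[:10] + b"\x00\x00" + header[12:]
    return ~ones_complement_sum(zeroed) & 0xFFFF

def is_valid(header: bytes) -> bool:
    """Receiver-side check: summing the whole header, checksum included, gives 0xFFFF."""
    return ones_complement_sum(header) == 0xFFFF

def decrement_ttl(header: bytes) -> bytes:
    """Return a copy with TTL (byte 8) reduced by one and the checksum rewritten."""
    if header[8] == 0:
        raise ValueError("TTL is already 0")
    changed = header[:8] + bytes([header[8] - 1]) + header[9:]
    return changed[:10] + struct.pack("!H", ip_checksum(changed)) + changed[12:]

def scapy_recalc(header: bytes) -> int:
    """Same result via scapy (needs scapy installed): delete chksum, then rebuild."""
    from scapy.all import IP
    pkt = IP(header)
    pkt.ttl -= 1
    del pkt.chksum  # an unset field is recomputed when the packet is built
    return IP(bytes(pkt)).chksum

if __name__ == "__main__":
    hop = decrement_ttl(HEADER)
    print(hex(ip_checksum(HEADER)), is_valid(HEADER))
    print(hex(ip_checksum(hop)), is_valid(hop))
```

A header whose fields were edited while the old checksum was left in place fails `is_valid`, which is the condition a receiving stack uses to drop the packet.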