Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

How to recalculate IP checksum with scapy? [duplicate]

Tags:

python

ip

spoofing

scapy

Possible Duplicate:
How to calculate a packet checksum without sending it?

I've spoofed a source IP and MAC address in a captured packet, but now I need to recalculate the checksum so that it checks out once its been received (after being injected into the network of course). I didn't really want to implement the checksum myself, and I was thinking that scapy could do this for me. I read that the show2() function should recalculate the checksum, but I can't seem to get it to work.

So, how can I use scapy to recalculate (and replace) the checksum for a captured + spoofed packet?

Thanks!

like image 223
Mr. Shickadance Avatar asked May 24 '11 15:05

Mr. Shickadance

People also ask

How is IP checksum calculated?

The checksum is calculated by the sender using a specific algorithm. It is then stored in the header and sent as part of the datastream. The receiving side calculates the checksum on the data that is received using the same algorithm as the sender and compares its value to the checksum passed in the header.

How do you find the checksum of a packet?

To calculate the checksum of an API frame: Add all bytes of the packet, except the start delimiter 0x7E and the length (the second and third bytes). Keep only the lowest 8 bits from the result. Subtract this quantity from 0xFF.

How is UDP checksum calculated?

The basic idea is that the UDP checksum is a the complement of a 16-bit one's complement sum calculated over an IP "pseudo-header" and the actual UDP data. The IP pseudo-header is the source address, destination address, protocol (padded with a zero byte) and UDP length.

How does Python calculate UDP checksum?

UDP checksumLoop through the sequence and pull out two bytes each time (It is an even sequence because of the supplement), left shift the first byte for eight bits, then add the second byte. As a consequence, they become a 2-byte-long number. Sum these 2-byte-long numbers. Add also the carries if there's any of them.

2 Answers

As shown here, you have to delete the .chksum attribute before calling the show2() method from scapy

like image 154
Cédric Julien Avatar answered Oct 04 '22 01:10

Cédric Julien

Let's say for argument's sake that we're processing an IP header and want to recalculate the checksum after the next hop:

>>> iph = IP(import_hexcap())
0000 4500 0064 000f 0000 fe01 3726 c0a8 0108
0010 c0a8 030b
>>> iph.ttl = iph.ttl - 1
>>> del iph.chksum
>>> iph.show2()
###[ IP ]###
version= 4L
ihl= 5L
tos= 0x0
len= 100
id= 15
flags= 
frag= 0L
ttl= 253
proto= icmp
chksum= 0x3826
src= 192.168.1.8
dst= 192.168.3.11
options=

The .chksum field has your answer.

like image 44
Michael Foukarakis Avatar answered Oct 04 '22 02:10

Michael Foukarakis
Sign in to Comment

Related questions

Python property
Adding a string in front of a string for each item in a list in python
What does pk__in mean in Django?
Match start and end of file in python with regex
find the colour name from a hexadecimal colour code
Doctesting functions that receive and display user input - Python (tearing my hair out)
Invoke make from different directory with python script
How to pass a variable to a re.sub callback?
does python multiplicative expression evaluates faster if finds a zero?
Parsing Snort Logs with PyParsing
Parameter names in Python functions that take single object or iterable
In python, how can I load a sqlite db completely to memory before connecting to it? [duplicate]
Execute task every so often within a process
Transferring dictionary via post request
danger of recursive functions
List files in a folder as a stream to begin process immediately
django - "manage.py test" fails "table already exists"
Python (Numpy) array sorting
Django: accessing model attributes
How to unread a line in python

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!