Calculating TCP and IP Header checksums.

By Delete, DigitalCalamity.ORG

Contents: 1. Introduction 2. The IP Header checksum 3. The TCP Header checksum 4. References 5. Contact

1. Introduction When data is about to travel across the internet it is rst chunked into smaller pieces called packets. Those packets along with the regular data contain some additional information which are stored in the packet header. Such as addresses, port numbers and other control arguments. One of those arguments is the Header Checksum. The checksum is a numerical value which is used for corruption and error detection on a packet transmission. How? Before a packet goes on the wire, the checksum is calculated by adding all this control variables together nice and smooth, then grouping them into 16-bit words which we then sum to calculate our checksum. This process is repeated at the receiving end and the recalculated checksum is compared with the previous checksum. If they match, the transmission went just ne, if not then it is possible that some data got lost or corrupted.

2. The IP Header checksum Now its time to take a look at the contents of a packet header. We will rst start with the IP Header. ------------------------------------------------------------------------------------------| Version || Internet Header Length || Type of Service || Total Length | |------------------------------------------------------------------------------------------| | Identification || Flags || Fragment offset | |------------------------------------------------------------------------------------------| | Time to Live || Protocol || Header Checksum | |------------------------------------------------------------------------------------------| | Source IP Address | |------------------------------------------------------------------------------------------| | Destination IP Address | |------------------------------------------------------------------------------------------| | Options || Padding | |------------------------------------------------------------------------------------------| I will not discuss the other arguments of the above Header as you don't need to know much about them to complete this tutorial. You just need to know the following information: version - 4 bits IHL - 4 bits ToS - 8 bits Total Length - 16 bits Identication - 16 bits Flags - 8 bits Fragmentation offset - 8 bits Time to Live - 8 bits Protocol - 8 bits Checksum - 16 bits Source IP - 32 bits Destination IP - 32 bits ** Note: Total = 160 bits. The time has come to construct our IP Header and add values to this variables. Starting with the version we will give it the value 4, since we will probably will be using IPv4. Using a decimal-to-binary convertor(YES i was to lazy to calculate it my self) we see that the number 4 in binary format is 0100. We will write it down as it is, since it already is 4 bits long. Next we have the IHL. This value is the number of 32 bit words. So when we say the IHL equals to 5 we mean that the Internet Header Length is 5x32=160 bits (see the **Note above). We will stay with the 5 since it is the most wide spread value and also the smallest possible value. The number 5 in binary is 0101. We will leave it just like that cause its just 4 bits long. We are moving on to the Type of Service eld. We will set this eld to 0. Now i think 0 in binary is 00 :-P. But wait! We wont write it down like that. This eld takes up 8 bits, remember? So we add six more zeros in front of the 00 so we will have 00000000.

Total Length. This is the TCP Header Length, which has a minimum value of 160 bits, plus the IP Header Length.( ONLY if no data is contained in the this packet). We will continue our calculations as if the TCP Header Length has a size of 160 bits. So we have TCP HL + IP HL = 160 + 160 = 320 bits. But because the Total Header Length is measured in bytes we will rewrite the 320 bits in 40 bytes (40 bytes = 320 bits). So again with the help of our binary convertor we can see that 40 in binary is 00101000, but because we want to have 16 bits will will add 8 more zeros to this result. So we get: 0000000000101000 Since this is our rst constructed packet we will set the Identification eld to 1. You can use whatever value you want since it is just for learning purposes. So because we have a 16 bit eld we will have : 0000000000000001. Next comes the Flags eld. Which we will set to 0. Again because this is a 8 bit eld we will have: 00000000. The same goes for the Fragmentation offset eld. We will have: 00000000. Now we came across with the Time to Live eld. This eld can get a maximum value off 255. This is measured in seconds but because this value gets reduced at every host it passes by, by one, we can say that this is the number of hops a packet can travel through the internet before it gets discarded. We will set it to 127. Were 127 in binary is 01111111. Next comes the Protocol eld. We are using TCP as our next level protocol, and because the TCP Protocol's ID number is 6 we will set this to 6. And 6 in binary is 00000110 (8 bits, remember?). Now... the Checksum eld. We will set this to 0, since we haven't completed our calculations. So we get this: 0000000000000000. Finally we have come to the Addresses part. We have the Source IP Address. The source address we are sending the packet from has an IP address of 192.68.43.1. What we do rst is, we write each number in binary format. Something like this. 192 : 11000000 68 : 01000100 43: 00101011 1 : 00000001 (we want to have a total of 32 bits) So, someone could read the IP address like this 11000000.01000100.00101011.00000001. We will write this down without the dots of course. So we have: 11000000010001000010101100000001. The same goes for the Destination IP Address. We want to send the packet to 10.176.2.34. So This IP in binary format is: 00001010.10110000.00000010.00100010. And without the "." : 00001010101100000000001000100010. Now we have come to my favorite part.( Don't know why, maybe cause its just the end of this messy procedure.) We will have a ashback to our binary-format values, so we have: IP Header 0100 0101 00000000 00000000 00101000 00000000 00000001 00000000 00000000 01111111 00000110 00000000 00000000 11000000 01000100 00101011 00000001 00001010 10110000 00000010 00100010 Next we will divide this stuff into 16 bit words. When we have constructed the groups of 16 bits we add them together. You can either use a binary calculator or convert each 16 bit word to decimal and then add it( Sounds like the same thing to me :-P). Lets do it together. We have: 16 bit Words In decimal 01000101 00000000 17664 00000000 00101000 40 00000000 00000001 1 00000000 00000000 0 01111111 00000110 32518 00000000 00000000 0 11000000 01000100 49220 00101011 00000001 11009 00001010 10110000 2736 00000010 00100010 546 Adding this together we get a total of: 113734 We next need to convert this into Hexadecimal format: 1BC46, But something doesn't look so *ne*. We said that the checksum eld is 16 bit long, and what we have here seems to be longer than 16 bits. In-fact it is 20 bits long. Don't worry. In this case we remove the rst digit of "1BC46" (which is 1) and we add it to the remaining 4 digits, that is BC46, so we have BC46 + 1 = BC47. Now the last step that we need to take is to subtract the result from FFFF. FFFF- BC47 = 43B8(or 65535 - 48199 = 17336, in decimal) which is our nal checksum that we will put into the checksum eld.

3. TCP Header Checksum The contents of a TCP Header: ------------------------------------------------------------------------------------------| Source port number || Destination port number | |------------------------------------------------------------------------------------------| | Sequence Number | |------------------------------------------------------------------------------------------| | Acknowledgment Number | |------------------------------------------------------------------------------------------| | Data offset || Reserved || Flags || Window | |------------------------------------------------------------------------------------------| | Header Checksum || Urgent Pointer | |------------------------------------------------------------------------------------------| | Options || Padding | |------------------------------------------------------------------------------------------| | Data | |------------------------------------------------------------------------------------------| Again as in the IP Header we have some elds that need to get lled: Source Port - 16 bits Destination Port - 16 bits Sequence Number - 32 bits Acknowledgment Number - 32 bits Data offset - 4 bits Reserved - 6 bits Flags - 6 bits Window - 16 bits Header Checksum - 16 bits Urgent Pointer - 16 bits Calculating the TCP Header checksum is similar to calculating the IP Header checksum with addition that the TCP Header Checksum also includes a Pseudo Header. This pseudo header has some information that are also found in the IP Header, such as Source IP address, Destination IP address and the Protocol number. It also includes the TCP Header length. ------------------------------------------------------------------------------------------| Source IP Address | |------------------------------------------------------------------------------------------| | Destination IP Address | |------------------------------------------------------------------------------------------| | Reserved || Protocol || TCP Header Length | |------------------------------------------------------------------------------------------| Those elds have a total size of 96 bits. Source IP - 32 bits Destination IP - 32 bits Reserved - 8 bits Protocol - 8 bits TCP Header Length - 16 bits We will rst start with the TCP Header. What we have here is the Source Port number, which we will set to 1645. Just like in the IP Header we will convert this value into binary format. So we get: 011001101101, but because we have a 16 bit eld we end up with 0000011001101101 Same thing goes for the Destination Port , which we set to 80: 0000000001010000 Next comes the Sequence Number eld. This we set to 1 : 00000000000000000000000000000001. We do the same for the Acknowledgment Number. We also set it to 1(remember those are just examples). So again we have: 00000000000000000000000000000001. Next we have the Data offset eld. This eld is similar to the IHL eld in the IP Header. Here we specify the length of the TCP Header and by knowing how long the TCP Header is we know were the data begins. This eld, just like the IHL is measured in 32 bit multiples and has a minimum value of 5(160 bits). So we will use 5: 0101 Next comes the Reserved eld which should be zero. So we have 000000 (6 bits). Now we have the Flags eld or Control bits which specify the purpose of the packet(URG, ACK, PSH, RTS, SYN, FIN). Here we have 6 ags and 6 bits so we kinda have one bit for each ag. Example: FIN: 000001 SYN: 000010 RST: 000100 PSH: 001000 ACK: 010000 URG: 100000

We will send a SYN packet, so we will have 000010. Next comes the Window eld. This we will set to 128. So we get 0000000010000000 in binary. The Checksum eld will be set to zero. So again we get: 0000000000000000. Now since we are sending a SYN packet we will set the Urgent Pointer eld to 0000000000000000. Remember when i said that the TCP Header checksum contains a Pseudo Header? Well there is no problem. Since the Pseudo Header elds are IP Header values we already have our binaries. We have: Source IP Address(192.68.43.1) : 11000000010001000010101100000001 Destination IP Address(10.176.2.34): 00001010101100000000001000100010 Reserved set to 0: 00000000 Protocol(6 for TCP): 00000110 TCP Header Length(Since we have no data the length is 160 bits, the minimum remember?) but because it is measured in bytes we will set it to 20, so we have 20 in binary: 0000000000010100 To nish our calculation we will again rewrite our binary values nice and clean: TCP Header 0000011001101101 0000000001010000 00000000000000000000000000000001 00000000000000000000000000000001 0101 000000 000010 0000000010000000 0000000000000000 0000000000000000 Pseudo Header 11000000010001000010101100000001 00001010101100000000001000100010 00000000 00000110 0000000000010100 We then build up 16 bit words to add them together. 16 bit Words In decimal 00000110 01101101 1645 00000000 01010000 80 00000000 00000000 0 00000000 00000001 1 00000000 00000000 0 00000000 00000001 1 01010000 00000010 20482 00000000 10000000 128 00000000 00000000 0 00000000 00000000 0 11000000 01000100 49220 00101011 00000001 11009 00001010 10110000 2736 00000010 00100010 546 00000000 00000110 6 00000000 00010100 20 Adding this together we get a total of: 85874 or 14F72 in Hexadecimal. Notice that again we have 20 bits instead of 16 so we remove the 1 and add it to 4F72, 4F72 + 1 = 4F73. Then we subtract it from FFFF. FFFF - 4F73 = B08C (65535 - 20339 = 45196 in decimal). B08C is our TCP Header checksum!

4. References Good online Decimal to Binary and Hexadecimal convertors: http://www.easycalculation.com/hexa-decimal-binary.php Use Google for your binary calculations etc: http://www.google.com/help/calculator.html More information on the Internet Protocol: http://www.faqs.org/rfcs/rfc791.html More information on the Transmission Control Protocol: http://www.faqs.org/rfcs/rfc793.html

DigitalCalamity for more Tutorials, Software etc: http://www.DigitalCalamity.org/

5. Contact You can contact me for any comments, critics, questions, suggestions etc at delete@digitalcalamity.org.