I am trying to manually calculate checksums for various UDP packets, but I am always getting the wrong results compared to what is shown in Wireshark. Below is an example of how I do it:
Source Address: 192.168.0.103 (0xC0A8, 0x0067)
Destination Address: 192.168.0.1 (0xC0A8, 0x0001)
Source Port: 57090 (0xDF02)
Destination Port: 8000 (0x1F40)
Packet length: 19 (0x0013)
Data: hello world (0x6865, 0x6C6C, 0x6F20, 0x776F, 0x726C, 0x6400)
Expected checksum: 0xEDFD (from Wireshark)

I understand that the UDP checksum is calculated with the following variables:

Source IP + Destination IP + 17 (0x0011 - protocol code) + 10 (0x000A - pseudoheader length) + Source Port + Destination Port + UDP Packet Length + Data

All of them in groups of 16 bits.
So my calculations are (in the same order):
0xC0A8 + 0x0067 + 0xC0A8 + 0x0001 + 0x0011 + 0x000A + 0xDF02 + 0x1F40 + 0x0013 + 0x6865 + 0x6C6C + 0x6F20 + 0x776F + 0x726C + 0x6400

The result of the above sum is:

0x511F4

Now, since the result is higher than 0xFFFF, I do the following:

0x11F4 + 0x0005 = 0x11F9

After flipping the bits I get the result:

0xEE06 <- which, as you can see, is different from the expected one

So my question is: what am I doing wrong? I am always getting almost the result that is shown in Wireshark.
Below is a screenshot of the packet inside Wireshark, as a reference https://www.evernote.com/l/AWl0H1AGoxpGX4_zjgDlVBcytJM-HP_PvQE
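
An added example, not part of the original post: a UDP-over-IPv4 checksum routine following RFC 768, in which the pseudo-header's length field carries the UDP length (8-byte header plus data, 19 for this packet). The function names and the `pseudo_len` override are illustrative assumptions; the override only exists so the post's value of 10 can be compared with the packet's own length.

```python
import socket
import struct

UDP_PROTO = 17  # IPv4 protocol number for UDP


def fold16(data: bytes) -> int:
    """One's-complement sum of big-endian 16-bit words, carries folded back in."""
    if len(data) % 2:                 # odd length: pad with one zero byte
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total


def udp_checksum(src_ip, dst_ip, src_port, dst_port, payload, pseudo_len=None):
    """UDP-over-IPv4 checksum. pseudo_len (hypothetical knob) overrides the
    pseudo-header length field so a wrong value can be compared."""
    udp_len = 8 + len(payload)        # UDP header (8 bytes) + data
    if pseudo_len is None:
        pseudo_len = udp_len          # RFC 768: pseudo-header carries the UDP length
    pseudo = (socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)
              + struct.pack("!BBH", 0, UDP_PROTO, pseudo_len))
    header = struct.pack("!HHHH", src_port, dst_port, udp_len, 0)  # checksum field = 0
    csum = ~fold16(pseudo + header + payload) & 0xFFFF
    return csum or 0xFFFF             # a computed 0 is transmitted as 0xFFFF


def verify(src_ip, dst_ip, src_port, dst_port, payload, csum):
    """Receiver-side check: summing everything including the checksum gives 0xFFFF."""
    udp_len = 8 + len(payload)
    pseudo = (socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)
              + struct.pack("!BBH", 0, UDP_PROTO, udp_len))
    header = struct.pack("!HHHH", src_port, dst_port, udp_len, csum)
    return fold16(pseudo + header + payload) == 0xFFFF


if __name__ == "__main__":
    pkt = ("192.168.0.103", "192.168.0.1", 57090, 8000, b"hello world")
    print(hex(udp_checksum(*pkt)))                  # pseudo-header length = 19
    print(hex(udp_checksum(*pkt, pseudo_len=10)))   # pseudo-header length = 10
```

With the post's packet, the first call matches the Wireshark value and the second reproduces the hand-calculated one; the two differ by 9, the gap between 19 and 10.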