Network Security Blog

IP:-

16bit field

error detection

caluculation:- fully maths caluculation

For example, if an IP header is 0x4500003044224000800600008c7c19acae241e2b.

1)SUM:-4500 + 0030 + 4422 + 4000 + 8006 + 0000 + 8c7c + 19ac + ae24 + 1e2b = 2BBCF

2)16bit:-2 +  BBCF  = BBD1

3)one's complimamet:-BBD1 = one’s complement(1011101111010001) = 0100010000101110 = 442E

Checksum value:-442E

VALIDATION:-

2BBCF + 442E = 2FFFD, then 2 + FFFD = FFFF

FFFF=000000 <---which means IP header is correct.

TCP:-

16bit filed

error detection

checksum=TCPsegment+Pseudo header

source address: 32 bits/4 bytes, taken from IP header

destination address: 32bits/4 bytes, taken from IP header

reserved: 8 bits/1 byte, all zeros

protocol: 8 bits/1 byte, taken from IP header. In case of TCP, this should always be 6, which is the assigned protocol number for TCP.

TCP Length: The length of the TCP segment, including TCP header and TCP data.

Note:- TCP pseudo header does not really exist, and it’s not transmitted over the network.

It’s constructed on the fly

Optional:-If a TCP segment contains an odd number of octets to be checksummed, the last octect is padded on the right with zeros to form a 16-bit word. But the padding is not part of the TCP segment and therefore not transmitted.

Difference:-

IPv4 uses the checksum to detect errors of packet headers. i.e. the source, destination

The TCP protocol includes an extra checksum that protects the packet "payload" as well as the header.

Even if reassembled correctly, software or other errors could be introduced in the layers between IP and TCP

Even if all software functions correctly, and TCP/IP is over ethernet, the limited size of the checksums can be accidently correct

so having more than one checksum is helpful.

NOTE:-IPV6 does not uses chacksum