Verifying Checksum value through Wireshark
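I am trying to verify the validity of the checksum value of a UDP packet by inspecting the packet with Wireshark.
In this specific packet I am looking at, the values of the UDP headers are as follows:
Source port: 53 (0000 0000 0011 0101)
Destination port: 64992 (1111 1101 1110 0000)
Length: 64 (0000 0000 0100 0000)
Now if these values are added, the sum is 65109 (1111 1110 0101 0101)
So I expect the checksum value to be 426 (0001 1010 1010), which is the 1's complement of the sum.
But in Wireshark, the value of the checksum is 0x63c7, and it says that this checksum is correct.
I'd like to know where I am mistaken.
Any help or push in the right direction would be greatly appreciated.
Thanks in advance.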
If you refer to RFC 768, you will find the details needed to compute the checksum correctly:
Checksum is the 16-bit one's complement of the one's complement sum of a
pseudo header of information from the IP header, the UDP header, and the
data, padded with zero octets at the end (if necessary) to make a
multiple of two octets.
The pseudo header conceptually prefixed to the UDP header contains the
source address, the destination address, the protocol, and the UDP
length. This information gives protection against misrouted datagrams.
This checksum procedure is the same as is used in TCP.
 0      7 8     15 16    23 24    31
+--------+--------+--------+--------+
|          source address           |
+--------+--------+--------+--------+
|        destination address        |
+--------+--------+--------+--------+
|  zero  |protocol|   UDP length    |
+--------+--------+--------+--------+
If the computed checksum is zero, it is transmitted as all ones (the
equivalent in one's complement arithmetic). An all zero transmitted
checksum value means that the transmitter generated no checksum (for
debugging or for higher level protocols that don't care).
If you want to see how Wireshark's UDP dissector handles it, you can look at the packet-udp.c source code. Basically, after setting up the data inputs properly, it essentially just calls the in_cksum() function in the in_cksum.c file to compute it.
You might also want to take a look at RFC 1071, "Computing the Internet Checksum".
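The calculation RFC 768 describes, as an added Python example that is not part of the original answer and is not Wireshark's code. The ports and length come from the question; the IP addresses (documentation range) and the all-zero payload are constructed, so the resulting checksum differs from the 0x63c7 in the capture.

```python
import ipaddress
import struct

UDP_PROTO = 17  # IP protocol number for UDP

def ones_complement_sum(data: bytes) -> int:
    """RFC 1071 sum of 16-bit big-endian words with end-around carry."""
    if len(data) % 2:
        data += b"\x00"  # pad with a zero octet, as RFC 768 requires
    total = sum(word for (word,) in struct.iter_unpack("!H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total

def pseudo_header(src_ip: str, dst_ip: str, udp_length: int) -> bytes:
    """Source address, destination address, zero, protocol, UDP length."""
    return (ipaddress.IPv4Address(src_ip).packed
            + ipaddress.IPv4Address(dst_ip).packed
            + struct.pack("!BBH", 0, UDP_PROTO, udp_length))

def build_udp(src_ip, dst_ip, sport, dport, payload: bytes) -> bytes:
    length = 8 + len(payload)
    header = struct.pack("!HHHH", sport, dport, length, 0)  # checksum field zeroed
    total = ones_complement_sum(pseudo_header(src_ip, dst_ip, length) + header + payload)
    checksum = (~total & 0xFFFF) or 0xFFFF  # a computed zero is sent as all ones
    return struct.pack("!HHHH", sport, dport, length, checksum) + payload

def verify_udp(src_ip, dst_ip, datagram: bytes):
    """True/False for a checksummed datagram, None if no checksum was generated.
    Assumes `datagram` is exactly the UDP header plus data."""
    if struct.unpack_from("!H", datagram, 6)[0] == 0:
        return None
    total = ones_complement_sum(pseudo_header(src_ip, dst_ip, len(datagram)) + datagram)
    return total == 0xFFFF  # sum including the stored checksum must be all ones

def header_only_guess(sport, dport, length) -> int:
    """The question's method: complement of the plain sum of three header fields."""
    return ~(sport + dport + length) & 0xFFFF

# Constructed sample: ports and length 64 from the question, made-up addresses and payload.
SRC, DST = "192.0.2.1", "192.0.2.2"
SAMPLE = build_udp(SRC, DST, 53, 64992, bytes(56))

if __name__ == "__main__":
    print(hex(struct.unpack_from("!H", SAMPLE, 6)[0]), verify_udp(SRC, DST, SAMPLE))
    print(header_only_guess(53, 64992, 64))  # ignores pseudo header and data
```

To check a real capture, pass the source and destination addresses from the packet's IP header and the raw UDP bytes to verify_udp().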