ICMP echo checksum

Question

How can I compute the checksum of an ICMP echo request or reply when the checksum should include the data portion, the data portion can be variable sized, and there's no way to anticipate the data size?

Here's documentation on how to compute the checksum of an ICMP header.

ICMP Header Checksum. 16 bits. The 16-bit one's complement of the one's complement sum of the ICMP message, starting with the ICMP Type field. When the checksum is computed, the checksum field should first be cleared to 0. When the data packet is transmitted, the checksum is computed and inserted into this field. When the data packet is received, the checksum is again computed and verified against the checksum field. If the two checksums do not match then an error has occurred.

score 14 · Accepted Answer · edited Jun 27 '17 at 03:39

14

When the sender is calculating the checksum, the value is inserted into the zero'd field. The receiver then does the reverse, it pulls out the checksum, zeros the field and computes the checksum with this field set to zeros. It compares the value it calculated to the one it extracted.

Both sides of the transmission calculate the checksum with the field zero'd out.

Update

An example of how to perform this calculation exists on this Scribd presentation, starting on slide 44. I'm also including the relevant example slide below.

Figure 9.19 shows an example of checksum calculation for a simple echo-request message (see Figure 9.14). We randomly chose the identifier to be 1 and the sequence number to be 9. The message is divided into 16-bit (2-byte) words. The words are added together and the sum is complemented. Now the sender can put this value in the checksum field.

Ping Checksum calculation

You split the ICMP header and data into 16 bit words (using 0x0000 for the checksum field), get the sum of these words and then the ones complement of the sum. This is then inserted into the checksum field.

edited Jun 27 '17 at 03:39

Nick Brady

6,084
1
46
71

answered Nov 27 '13 at 16:25

Andy

49,085
60
166
233

That's not my question. I need to compute the checksum over the entire ICMP message, which can include a variable-sized data portion. How do I know the size of the message over which I compute the checksum? – Rose Perrone Nov 27 '13 at 17:09
I think the better question at this point, is how are you parsing your packets? The packet data should be part of your packet parsing. That would give you the size of the data. – Andy Nov 27 '13 at 18:40
The data is optional, and for my purposes I don't care what the data is, so I don't parse it at all. But the sender still may have included the data in the checksum, so I need to know the length of the data, so I can include it in my verification of the checksum. – Rose Perrone Nov 27 '13 at 19:00
Unfortunately, that means your implementation isn't complete. You need to know more than the length of the data, you need the data itself. I edited my answer slightly to include more information – Andy Nov 27 '13 at 19:16
How do I find out the length of the data? – Rose Perrone Nov 27 '13 at 19:36
You'll need to strip out the packet header and the ICMP header. That should leave the ICMP payload for you to work with. – Andy Nov 27 '13 at 19:53
How long is that payload. – Rose Perrone Nov 27 '13 at 20:08
The maximum size is [65507](http://stackoverflow.com/questions/9449837/maximum-legal-size-of-icmp-echo-packet) – Andy Nov 27 '13 at 22:29
The description how the sender calculates the checksum is correct. For the receiver however it’s much simpler: it doesn‘t have to extract the checksum, set the field it to zero, calculate the checksum and compares his calculation with the extracted value. The receiver just calculates the checksum over the whole icmp packet. If the result is 0, then all is okay. This works as the sender includes the inverted checksum in the packet. – Grandswiss Feb 18 '21 at 20:11

score 4 · Answer 2 · answered Nov 28 '13 at 04:03

4

You can calculate the ICMP message length by subtracting the size of the IP header from the "Total length" field in the IP header.

answered Nov 28 '13 at 04:03

Rose Perrone

61,572
58
208
243

is there any proof of that? – Incerteza Apr 25 '14 at 01:22
An ICMP packet consists of an IP header and an ICMP message. RFC 792, describes the Total Length field as "Length of internet header and data in octets." For an ICMP packet, the data is the ICMP message. – Rose Perrone Apr 25 '14 at 04:27
Ops, I thought you were talking about checksum. But you're question is about checksum. – Incerteza Apr 25 '14 at 06:02

score 2 · Answer 3 · answered Jan 08 '16 at 11:11

2

Bear in mind that in IPv6, a pseudo header of the IPv6 header, is also included in the checksum calculation. In IPv4 this is not done, because the header already checksums itself.

answered Jan 08 '16 at 11:11

KJH

375
2
10

ICMP echo checksum

3 Answers3