How to recalculate IP checksum with scapy?

Question

Possible Duplicate:
How to calculate a packet checksum without sending it?

I've spoofed a source IP and MAC address in a captured packet, but now I need to recalculate the checksum so that it checks out once its been received (after being injected into the network of course). I didn't really want to implement the checksum myself, and I was thinking that scapy could do this for me. I read that the show2() function should recalculate the checksum, but I can't seem to get it to work.

So, how can I use scapy to recalculate (and replace) the checksum for a captured + spoofed packet?

Thanks!

Also, if there is another easy to use Python library that will work nicely in this situation - I'm all ears (eyes). — Mr. Shickadance, May 24 '11 at 15:37

score 14 · Accepted Answer · edited May 23 '17 at 12:26

14

As shown here, you have to delete the .chksum attribute before calling the show2() method from scapy

edited May 23 '17 at 12:26

Community

1
1

answered May 24 '11 at 16:01

Cédric Julien

78,516
15
127
132

1

I selected this answer because the key was that I had to `del` the chksum field. Previously I was manually rebuilding the packet with null bytes in the checksum field. Doing that and then calling `show2()` did not recalculate the checksum. Deleting the field first with `del` provides the correct behaviour. – Mr. Shickadance May 24 '11 at 18:18

score 4 · Answer 2 · answered May 24 '11 at 16:02

Let's say for argument's sake that we're processing an IP header and want to recalculate the checksum after the next hop:

>>> iph = IP(import_hexcap())
0000 4500 0064 000f 0000 fe01 3726 c0a8 0108
0010 c0a8 030b
>>> iph.ttl = iph.ttl - 1
>>> del iph.chksum
>>> iph.show2()
###[ IP ]###
version= 4L
ihl= 5L
tos= 0x0
len= 100
id= 15
flags= 
frag= 0L
ttl= 253
proto= icmp
chksum= 0x3826
src= 192.168.1.8
dst= 192.168.3.11
options=

The .chksum field has your answer.

How to recalculate IP checksum with scapy?

2 Answers2

Linked