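TCP checksum calculation fails

Time: 2015-12-04 10:46:56

Tags: c++ networking tcp network-programming

I am trying to get the correct TCP checksum, but it fails. I am using C++ with winpcap to capture packets on the local network, and I am trying to calculate their TCP checksum (I already use the right filter to get only TCP packets). But when I compare the calculated checksum with the Wireshark TCP checksum, they are not the same.

This is the code I wrote in C++; it uses a bitset to detect the carry bit.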

u_char* tcp_checksum(const u_char* datos, int tamaño)
{
    u_char *checksum = new u_char[2]();
    uint16_t sumando = 0;
    bitset<17> total;

    //add ip src and ip dst
    for (int i = 26; i < 33; i++){
        total = sumando + (uint16_t)((datos[i] << 8) + datos[i + 1]);
        sumando += (uint16_t)((datos[i] << 8) + datos[i + 1]);
        if (total[16] == 1)
            sumando++;
        i++;
    }

    //add the zero byte and the protocol number
    total = sumando + (uint16_t)(0x06);
    sumando += (uint16_t)(0x06);
    if (total[16] == 1)
        sumando++;

    /*here I should add the tcp length to complete the tcp pseudo header but I didn't add anything because I don't know how to calculate the tcp len correctly, but it's not a problem because a lot of times it is zero and the tcp is still failing.*/

    //okay we have just calculated the pseudoheader.

    //add all tcp header except the 2 bytes of the checksum (20 bytes normally)
    for (int i = 34; i < 54; i++){
        if (i != 50 && i != 52){//do not add the padding or the checksum.
            total = sumando + (uint16_t)((datos[i] << 8) + datos[i + 1]);
            sumando += (uint16_t)((datos[i] << 8) + datos[i + 1]);
            if (total[16] == 1)
                sumando++;
        }
        //
        if (i == 52) break;
        i++;
    }


    //add the tcp payload in 16 bits each adding.
    for (int i = 55; i < tamaño - 1; i++){//tamaño - 1
        total = sumando + (uint16_t)((datos[i] << 8) + datos[i + 1]);
        sumando += (uint16_t)((datos[i] << 8) + datos[i + 1]);
        if (total[16] == 1)
            sumando++;
        i++;
    }
    if (tamaño % 2 == 0){
        total = sumando + (uint16_t)((0x00 << 8) + datos[tamaño]);
        sumando += (uint16_t)((0x00 << 8) + datos[tamaño]);
        if (total[16] == 1)
            sumando++;
    }

    //i get the complementary and i divided the u_short (16 bits) (uint16_t) in 2 bytes which i return
    sumando = sumando & 0xFFFF;
    sumando = ~sumando;
    checksum[0] = (sumando >> 8) & 0x00FF;
    checksum[1] = sumando & 0x00FF;
    return checksum;
}

OK, when I try to compare the real TCP checksum bytes with my TCP checksum, they are not the same:

printf("%x%x==", pkt_data[50], pkt_data[51]);
// tcp_checksum() already allocates the 2-byte result with new[]
u_char *c = tcp_checksum(pkt_data, header->caplen);
printf("%x%x\n", c[0], c[1]);
cout << endl;
delete[] c; // array form, to match new u_char[2]

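I get different bytes; normally bytes 51 and 52 of a TCP packet belong to the TCP checksum. When I print them, they are not the same.

1 answer:

Answer 0: (score: 1)

Don't compare your results with Wireshark, at least not without turning off checksum offloading.

Because of checksum offloading performed by the network interface card, the checksums of packets captured through libpcap / winpcap are often wrong.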
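An added example, not part of the question or the answer above: a reference TCP checksum over a captured frame (pseudo-header with the TCP length, header lengths read from the packet, odd payload byte padded), plus a check of the stored value, which is the comparison that fails on outgoing packets when the NIC offloads the checksum. It assumes untagged Ethernet II carrying IPv4; the function names and the sample frame are constructed for this example.

```cpp
#include <cstddef>
#include <cstdint>
#include <vector>

// One's-complement sum of big-endian 16-bit words (RFC 1071); an odd
// trailing byte is padded with a zero byte on the right.
static uint32_t sum_words(const uint8_t* p, size_t len, uint32_t acc) {
    for (; len > 1; p += 2, len -= 2) acc += (uint32_t(p[0]) << 8) | p[1];
    if (len == 1) acc += uint32_t(p[0]) << 8;
    return acc;
}

// TCP checksum of an untagged Ethernet II / IPv4 frame, or -1 if the frame
// is not IPv4/TCP or the capture does not hold the whole segment.
int compute_tcp_checksum(const uint8_t* frame, size_t caplen) {
    const size_t eth = 14;
    if (caplen < eth + 20 || frame[12] != 0x08 || frame[13] != 0x00) return -1;
    const uint8_t* ip = frame + eth;
    size_t ihl = (ip[0] & 0x0F) * 4u;             // real IP header length
    size_t total = (size_t(ip[2]) << 8) | ip[3];  // IP total length
    if ((ip[0] >> 4) != 4 || ip[9] != 6 || ihl < 20 || total < ihl + 20) return -1;
    if (caplen < eth + total) return -1;
    size_t tcp_len = total - ihl;                 // TCP header + payload
    const uint8_t* tcp = ip + ihl;
    uint32_t acc = sum_words(ip + 12, 8, 0);      // pseudo-header: src, dst
    acc += 6 + uint32_t(tcp_len);                 // zero byte, protocol, TCP length
    acc = sum_words(tcp, 16, acc);                // header before checksum field
    acc = sum_words(tcp + 18, tcp_len - 18, acc); // urgent pointer, options, payload
    while (acc >> 16) acc = (acc & 0xFFFF) + (acc >> 16);  // fold carries
    return int(~acc & 0xFFFF);
}

// 1 = stored checksum matches, 0 = mismatch (expected on outgoing packets
// captured with checksum offload enabled), -1 = cannot be checked.
int stored_checksum_matches(const uint8_t* frame, size_t caplen) {
    int calc = compute_tcp_checksum(frame, caplen);
    if (calc < 0) return -1;
    const uint8_t* tcp = frame + 14 + (frame[14] & 0x0F) * 4u;
    return calc == ((tcp[16] << 8) | tcp[17]);
}

// Constructed sample: 192.0.2.1:12345 -> 192.0.2.2:80, PSH|ACK, payload "abc".
std::vector<uint8_t> sample_frame() {
    return {0,0,0,0,0,0, 0,0,0,0,0,0, 0x08,0x00,
            0x45,0x00,0x00,0x2B, 0,0,0x40,0x00, 0x40,0x06,0,0,
            0xC0,0x00,0x02,0x01, 0xC0,0x00,0x02,0x02,
            0x30,0x39,0x00,0x50, 0,0,0,1, 0,0,0,0,
            0x50,0x18,0x20,0x00, 0x16,0xD9,0,0, 'a','b','c'};
}
```

Running `stored_checksum_matches` over frames received from other hosts gives a meaningful check of the calculation; frames sent by the capturing machine itself only match once offloading is turned off.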