
What is the use of Pseudo header in TCP/UDP packets?

Namaste Friends,

In today's post, I am going to write about what a pseudo header is and why it is important for calculating the checksum of TCP and UDP packets.

Let's focus directly on the important questions.

Q 1. What is TCP/UDP Checksum?

Ans. The world wide web is very, very big, and billions of billions of packets flow across the network from one point to another through different types of gateways, switches, routers and IoT devices. So the possibility of errors or corruption in any packet is very high, and that is a solid reason to add a checksum to TCP/UDP packets. Basically, a checksum is a type of hash value calculated by the checksum algorithm. In other words, the TCP/IP checksum is simply used to detect corruption of data over a TCP or IPv4 connection. If a bit is flipped, a byte mangled, or some other badness happens to a packet, then it is highly likely that the receiver of that broken packet will notice the problem due to a checksum mismatch. This provides end-to-end assurance that the data stream is correct.

Q 2. What is a pseudo header?

Ans. In simple words, a pseudo header is a kind of demo header that helps in calculating the checksum of TCP/UDP packets. From the TCP or UDP point of view, the TCP packet does not contain IP addresses. Thus, to do a proper checksum, a "pseudo-header" is included. It's "pseudo" because it is not actually part of the TCP/UDP datagram. It contains the most important parts of the IP header, that is, source and destination address, protocol number and data length.

According to David P. Reed:

"As I was there (in 1976, when we split TCP into IP, TCP, and other 
protocols, such as UDP) for the decision to separate the checksums and 
to create a pseudo-header, here is the rationale, which is highly relevant.

TCP (and UDP) are end-to-end protocols.   In particular, the TCP 
checksum is "end-to-end".   It is a "private matter" between end points 
implementing the TCP layer, guaranteeing end-to-end reliability, not 
hop-by-hop reliability.

IP is a wrapper for TCP, which instructs the transport layer (the 
gateways and routers) where the packet is to be transported, how big it 
is, and how it may be fragmented in the process of delivery.

The Source Address, Destination address, length, etc. are part of the 
meaning of the TCP frame - in that the end point machines use that 
information in the TCP application.

Thus the function of SA, DA, etc. are "shared" because they are 
meaningful to both layers (IP and TCP).   Rather than include the same 
information twice in the packet format, the concept of a "virtual 
header" was invented to encapsulate the idea that IP is not allowed to 
change the SA and DA because they are meaningful.

Further, in the case of end-to-end encryption (in 1976 we had a complete 
design by Steven T. Kent, my office mate, which was blocked by NSA from 
being deployed) it is essential that all end-to-end meaning be 
protected.   The plan was to leave the SA and DA in the clear, but 
encrypt the rest of the TCP payload, including the checksum.  This would 
protect against a man-in-the-middle attack that delivered valid packets 
with an incorrect source address, etc. (yes, to be truly reliable, we 
would have had to use a DSA instead of the current checksum).

This was a careful design decision, wrecked irrevocably by the 
terrorists who invented NAT (which doesn't allow end-to-end encryption, 
because NAT is inherently a "man-in-the-middle" attack!).

The rise of the middleboxen has now so thoroughly corrupted the 
Internet protocol design that it's not surprising that the original 
designs are difficult to decode.   If we actually had end-to-end 
encrypted TCP (now impossible because of the NATs) we would have a much 
more secure and safe Internet, while preserving its open character.  
Instead we have a maze of twisty, disconnected passages, vulnerable to a  
zillion hackers."

Q 3. What does the pseudo header structure look like?


As you can see in the above diagram, the pseudo header contains the most important parts of the complete packet: for example, the source address from the IP header, the destination address from the IP header, the protocol from the IP header, the TCP segment length, etc.

As the diagram also shows, to calculate the checksum value the client joins the created pseudo header and the TCP segment, and then runs the checksum algorithm over the result to calculate the hash value.
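The calculation described above, as an added example that is not part of the original post: it builds the IPv4 pseudo header, computes the 16-bit one's-complement checksum over pseudo header plus TCP segment, and shows the receiver rejecting a segment whose source address was changed without the checksum being updated. The addresses, ports and payload are constructed sample values, and the function names are chosen for this example.

```python
import socket
import struct

IPPROTO_TCP = 6

def ones_complement_sum(data: bytes) -> int:
    """16-bit one's-complement sum (RFC 1071); odd-length input is zero-padded."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:                      # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return total

def pseudo_header(src: str, dst: str, proto: int, length: int) -> bytes:
    """IPv4 pseudo header: source, destination, zero byte, protocol, segment length."""
    return (socket.inet_aton(src) + socket.inet_aton(dst)
            + struct.pack("!BBH", 0, proto, length))

def tcp_checksum(src: str, dst: str, segment: bytes) -> int:
    """Sender side: checksum over pseudo header + segment (checksum field zeroed)."""
    ph = pseudo_header(src, dst, IPPROTO_TCP, len(segment))
    return ~ones_complement_sum(ph + segment) & 0xFFFF

def verify(src: str, dst: str, segment: bytes) -> bool:
    """Receiver side: the sum including the transmitted checksum must be 0xFFFF."""
    ph = pseudo_header(src, dst, IPPROTO_TCP, len(segment))
    return ones_complement_sum(ph + segment) == 0xFFFF

def build_segment(src: str, dst: str, payload: bytes) -> bytes:
    """Constructed sample: minimal 20-byte TCP header (PSH+ACK) plus payload."""
    hdr = struct.pack("!HHIIBBHHH", 40000, 80, 1, 1, 5 << 4, 0x18, 65535, 0, 0)
    csum = tcp_checksum(src, dst, hdr + payload)
    return hdr[:16] + struct.pack("!H", csum) + hdr[18:] + payload

if __name__ == "__main__":
    seg = build_segment("192.0.2.10", "198.51.100.20", b"hello")
    print("intact:", verify("192.0.2.10", "198.51.100.20", seg))
    # Same TCP bytes, but the IP header now claims a different source address.
    print("source rewritten:", verify("192.0.2.99", "198.51.100.20", seg))
    flipped = seg[:-1] + bytes([seg[-1] ^ 0x01])
    print("bit flipped:", verify("192.0.2.10", "198.51.100.20", flipped))
```

The checksum only detects accidental corruption or an inconsistent rewrite; anything that changes the addresses and recomputes the checksum produces a segment that verifies.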
