What is the use of Pseudo header in TCP/UDP packets?

Posted by Suraj Singh on December 26, 2017 · 6 mins read
Hi readers,



In today's post, I am going to write about what the pseudo header is and why it is important for calculating the checksum of TCP and UDP packets.


Let's focus directly on the important questions.


Q 1. What is TCP/UDP Checksum?

Ans. As we already know, the world wide web is very, very big, and billions of billions of packets flow across the network from one point to another through different types of gateways, switches, routers and IoT devices. So the possibility of errors or corruption in any packet is very high. This gives a solid reason to add the concept of a checksum to TCP/UDP packets. Basically, a checksum is a type of hash value calculated by the checksum algorithm. In other words, the TCP/IP checksum is simply used to detect corruption of data over a TCP or IPv4 connection. As I already said, data corruption on the internet is highly likely. If a bit is flipped, a byte mangled, or some other badness happens to a packet, then it is highly likely that the receiver of that broken packet will notice the problem due to a checksum mismatch. This provides end-to-end assurance that the data stream is correct.


 
Q 2. What is Pseudo header?


Ans. In simple words, the pseudo header is a kind of demo header that helps in calculating the checksum of TCP and UDP packets. From the TCP or UDP point of view, the TCP packet does not contain IP addresses. Thus, to do a proper checksum, a "pseudo-header" is included. It's "pseudo" because it is not actually part of the TCP/UDP datagram. It contains the most important parts of the IP header, that is, source and destination address, protocol number and data length.


According to David P. Reed:


"As I was there (in 1976, when we split TCP into IP, TCP, and other 
protocols, such as UDP) for the decision to separate the checksums and 
to create a pseudo-header, here is the rationale, which is highly relevant.

TCP (and UDP) are end-to-end protocols. In particular, the TCP
checksum is "end-to-end". It is a "private matter" between end points
implementing the TCP layer, guaranteeing end-to-end reliability, not
hop-by-hop reliability.

IP is a wrapper for TCP, which instructs the transport layer (the
gateways and routers) where the packet is to be transported, how big it
is, and how it may be fragmented in the process of delivery.

The Source Address, Destination address, length, etc. are part of the
meaning of the TCP frame - in that the end point machines use that
information in the TCP application.

Thus the function of SA, DA, etc. are "shared" because they are
meaningful to both layers (IP and TCP). Rather than include the same
information twice in the packet format, the concept of a "virtual
header" was invented to encapsulate the idea that IP is not allowed to
change the SA and DA because they are meaningful.

Further, in the case of end-to-end encryption (in 1976 we had a complete
design by Steven T. Kent, my office mate, which was blocked by NSA from
being deployed) it is essential that all end-to-end meaning be
protected. The plan was to leave the SA and DA in the clear, but
encrypt the rest of the TCP payload, including the checksum. This would
protect against a man-in-the-middle attack that delivered valid packets
with an incorrect source address, etc. (yes, to be truly reliable, we
would have had to use a DSA instead of the current checksum).

This was a careful design decision, wrecked irrevocably by the
terrorists who invented NAT (which doesn't allow end-to-end encryption,
because NAT is inherently a "man-in-the-middle" attack!).

The rise of the middleboxen have now so thoroughly corrupted the
Internet protocol design that it's not surprising that the original
designs are difficult to decode. If we actually had end-to-end
encrypted TCP (now impossible because of the NATs) we would have a much
more secure and safe Internet, while preserving its open character.
Instead we have a maze of twisty, disconnected passages, vulnerable to a  
zillion hackers."


Q 3. What does the pseudo header structure look like?

Ans.


As you can see in the above diagram, the pseudo header contains the most important parts of the complete packet: for example, the source address from the IP header, the destination address from the IP header, the protocol from the IP header, the TCP segment length, etc.



As you can see in the above diagram, to calculate the checksum value at the end, clients need to combine the created pseudo header with the TCP segment and then run the checksum algorithm over them to calculate the hash value.
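
The calculation described above for IPv4/TCP, as an added example that is not from the original post or its linked tutorial: it builds the 12-byte pseudo header, runs the Internet checksum over pseudo header plus segment, and shows that a segment delivered with a different source address fails verification. The function names, ports, sequence number and documentation-range addresses are constructed for illustration.

```python
import socket
import struct

def ones_complement_sum(data: bytes) -> int:
    """16-bit one's-complement sum used by the Internet checksum (RFC 1071)."""
    if len(data) % 2:
        data += b"\x00"                      # pad odd-length input with a zero byte
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:                       # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return total

def pseudo_header(src_ip: str, dst_ip: str, proto: int, seg_len: int) -> bytes:
    """IPv4 pseudo header: source, destination, zero byte, protocol, segment length."""
    return (socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)
            + struct.pack("!BBH", 0, proto, seg_len))

def tcp_checksum(src_ip: str, dst_ip: str, segment: bytes) -> int:
    """Checksum over pseudo header + segment (checksum field must be zero)."""
    ph = pseudo_header(src_ip, dst_ip, socket.IPPROTO_TCP, len(segment))
    return ~ones_complement_sum(ph + segment) & 0xFFFF

def build_segment(src_ip, dst_ip, sport, dport, payload: bytes) -> bytes:
    """Minimal 20-byte TCP header (constructed values) plus payload."""
    def header(csum: int) -> bytes:
        # ports, seq, ack, data offset (5 words), PSH|ACK, window, checksum, urgent
        return struct.pack("!HHIIBBHHH", sport, dport, 1000, 0,
                           5 << 4, 0x18, 8192, csum, 0)
    csum = tcp_checksum(src_ip, dst_ip, header(0) + payload)
    return header(csum) + payload

def verify(src_ip: str, dst_ip: str, segment: bytes) -> bool:
    """Receiver side: pseudo header + segment (checksum included) must sum to 0xFFFF."""
    ph = pseudo_header(src_ip, dst_ip, socket.IPPROTO_TCP, len(segment))
    return ones_complement_sum(ph + segment) == 0xFFFF

if __name__ == "__main__":
    SRC, DST = "192.0.2.10", "198.51.100.20"     # constructed sample addresses
    seg = build_segment(SRC, DST, 40000, 80, b"hello")
    print("as sent:            ", verify(SRC, DST, seg))
    # Same bytes, but the IP layer reports another source address, as after an
    # address rewrite that did not also update the TCP checksum.
    print("source addr changed:", verify("203.0.113.5", DST, seg))
```

The one's-complement sum only detects accidental corruption or misdelivery; anyone who can modify a packet can also recompute it, which is the point of Reed's remark that true reliability would have needed a DSA.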
