**This notebook demonstrates checksum validation of network packets using the Python Scapy library. The packet capture file Wireshark2.pcap is analyzed to extract header fields and verify whether the checksum values in the packets are correc**t.

In [1]:
!pip install scapy



Collecting scapy
  Downloading scapy-2.7.0-py3-none-any.whl.metadata (5.8 kB)
Downloading scapy-2.7.0-py3-none-any.whl (2.6 MB)
[?25l   [90m━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━[0m [32m0.0/2.6 MB[0m [31m?[0m eta [36m-:--:--[0m[2K   [91m━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━[0m[91m╸[0m [32m2.6/2.6 MB[0m [31m89.2 MB/s[0m eta [36m0:00:01[0m[2K   [90m━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━[0m [32m2.6/2.6 MB[0m [31m52.7 MB/s[0m eta [36m0:00:00[0m
[?25hInstalling collected packages: scapy
Successfully installed scapy-2.7.0


-Objective:
To analyze a packet capture (.pcap) file using Python Scapy.
To extract IP and TCP packet header fields.
To recalculate checksum values programmatically.
To compare recalculated checksum values with original checksum values.

In [2]:
from google.colab import files
uploaded = files.upload()


Saving Wireshark2.pcap to Wireshark2.pcap


The previous cells demonstrate the analysis of network packets using the Scapy library in Python. Initially, the necessary `scapy` library was installed. Following this, a Wireshark packet capture file named `Wireshark2.pcap` was uploaded and loaded into Scapy. The core of the analysis involved iterating through each packet in the capture, focusing specifically on packets that contain both IP and TCP layers. For these packets, the original IP and TCP checksums were extracted, and then recalculated programmatically. Finally, a comparison was made between the original and recalculated checksums to verify their integrity, with the results printed for each analyzed packet.

In [4]:
import os
print(os.listdir())


['.config', 'Wireshark2.pcap', 'sample_data']


In [5]:
from scapy.all import *

# Load your Wireshark capture file
packets = rdpcap("Wireshark2.pcap")

print("Total packets:", len(packets))
print("-" * 50)

for i, pkt in enumerate(packets):

    # Check only IP + TCP packets
    if IP in pkt and TCP in pkt:

        print(f"Packet No: {i+1}")

        # Original checksum values
        original_ip = pkt[IP].chksum
        original_tcp = pkt[TCP].chksum

        # Recalculate checksum
        recalculated_ip = IP(bytes(pkt[IP])).chksum
        recalculated_tcp = TCP(bytes(pkt[TCP])).chksum

        print("Source IP:", pkt[IP].src)
        print("Destination IP:", pkt[IP].dst)

        print("Original IP Checksum:", hex(original_ip))
        print("Calculated IP Checksum:", hex(recalculated_ip))

        print("Original TCP Checksum:", hex(original_tcp))
        print("Calculated TCP Checksum:", hex(recalculated_tcp))

        # Verify result
        if original_tcp == recalculated_tcp:
            print("TCP Checksum VERIFIED ✅")
        else:
            print("TCP Checksum MISMATCH ❌")

        print("-" * 50)


[1;30;43mStreaming output truncated to the last 5000 lines.[0m
Calculated IP Checksum: 0x6d6a
Original TCP Checksum: 0x1bbe
Calculated TCP Checksum: 0x1bbe
TCP Checksum VERIFIED ✅
--------------------------------------------------
Packet No: 1576
Source IP: 103.28.54.102
Destination IP: 10.115.37.254
Original IP Checksum: 0x328a
Calculated IP Checksum: 0x328a
Original TCP Checksum: 0x534f
Calculated TCP Checksum: 0x534f
TCP Checksum VERIFIED ✅
--------------------------------------------------
Packet No: 1577
Source IP: 40.79.150.120
Destination IP: 10.115.37.254
Original IP Checksum: 0xcc8c
Calculated IP Checksum: 0xcc8c
Original TCP Checksum: 0x6660
Calculated TCP Checksum: 0x6660
TCP Checksum VERIFIED ✅
--------------------------------------------------
Packet No: 1578
Source IP: 140.82.114.26
Destination IP: 10.115.37.254
Original IP Checksum: 0x6d81
Calculated IP Checksum: 0x6d81
Original TCP Checksum: 0x8105
Calculated TCP Checksum: 0x8105
TCP Checksum VERIFIED ✅
--------------

**Final Conclusion**

In this experiment, checksum validation of network packets was successfully performed using the Python Scapy library. The packet capture file Wireshark2.pcap was analyzed to extract IP and TCP header information. The checksum values were recalculated programmatically and compared with the original checksum values present in the packets. The matching checksum values confirmed the integrity and correctness of the transmitted data. This experiment demonstrates the effectiveness of Python-based network analysis tools like Scapy for packet inspection, validation, and network traffic analysis.