Internet Checksum Calculator (RFC 1071)

Calculate the Internet checksum (RFC 1071) — the 16-bit one's-complement sum used in IPv4, ICMP, TCP, and UDP headers — over hex bytes or text. It shows the running sum, the carry-folded sum, and the final checksum, and recomputing over data that already includes the checksum yields zero. Everything runs locally in your browser.

Input is

Input

Default is an IPv4 header with the checksum field zeroed — it computes to 0xB861.

How to use the Internet Checksum Calculator (RFC 1071)

Enter your data and choose Hex bytes or Text. Hex is the usual choice for protocol headers — separate bytes with spaces or commas, with an optional 0x prefix — while text is converted to UTF-8 bytes first. The cards update live and show the final checksum in hex and decimal, plus the intermediate folded sum whose one\'s complement is that checksum.

The default is the classic IPv4 header example with its checksum field set to zero; computing over it produces 0xB861, the value you would write back into the header. A key property is built in: if you instead include the correct checksum in the data and recompute, the result is 0x0000, which is exactly how a receiver verifies a packet. When the number of bytes is odd, the final byte is padded with a zero low byte, following the RFC.

It all runs in your browser, so the computation is instant, works offline, and nothing you paste is sent anywhere.

The one's-complement checksum behind the Internet

The Internet checksum, specified in RFC 1071, is the error-detection scheme that the core Internet protocols have used since the beginning. It guards the IPv4 header, and it covers the payloads of ICMP, TCP, and UDP. Its design priorities were speed and simplicity on the modest hardware of the 1970s and 80s: it uses nothing but addition, and it has the elegant property of being independent of byte order on the machines that matter, so routers and hosts can compute it cheaply as packets fly past. The trade-off is that it is a relatively weak check compared with a CRC — it reliably catches single-bit errors and many common faults, but it can miss certain patterns — which is why higher layers and modern link technologies often add stronger checks on top.

The algorithm is a 16-bit one\'s-complement sum. You treat the data as a sequence of 16-bit words and add them all together using ordinary arithmetic, but whenever the running total overflows past 16 bits you take the carry that fell off the top and add it back in at the bottom — an operation called end-around carry, which is what "one\'s complement addition" means in practice. After all the words are summed and the carries folded in, you take the one\'s complement of the result — flip every bit — and that is the checksum. If the data has an odd number of bytes, the last byte is treated as the high half of a final word with a zero low half. The whole thing is just a loop of additions plus a final bitwise NOT.

What makes the scheme practical for verification is a beautiful consequence of one\'s-complement math. The sender computes the checksum over a header whose checksum field is zero and stores the complement there. The receiver then sums the entire header, checksum field included, using the same end-around-carry addition — and because a number plus its own complement is all ones, the receiver should get a result of all ones, whose complement is zero. So "the checksum verifies" reduces to "the recomputed checksum is zero," with no need to separate the checksum field back out. That is why this tool will show 0xB861 for the example header with a zeroed field, and 0x0000 once that value is written back in. Understanding the fold-and-complement steps is the key to the algorithm, and being able to compute it by hand is genuinely useful when you are crafting packets, debugging a raw socket, or checking why a network stack is dropping a frame.

Common use cases

Packet crafting. Compute the header checksum for a hand-built IPv4, ICMP, TCP, or UDP packet.
Verifying captures. Confirm a checksum from a packet capture by recomputing it over the bytes.
Raw sockets. Fill in the checksum field when sending packets that the kernel will not compute for you.
Learning networking. See the end-around carry and one\'s complement steps that verify to zero.

Frequently asked questions

What is end-around carry?

When the 16-bit running sum overflows, the carry bits above bit 15 are added back into the low end of the sum. Repeating until no carry remains is one's-complement addition, the heart of the Internet checksum.

Why does recomputing with the checksum included give zero?

Because a value plus its one's complement is all ones, and the complement of all ones is zero. The sender stores the complement, so the receiver summing everything gets all ones, which complements to zero — meaning the data is intact.

What happens with an odd number of bytes?

The final lone byte is treated as the high 8 bits of a 16-bit word with a zero low byte, as specified by RFC 1071. The tool pads automatically.

Is this the same checksum used by TCP and UDP?

Yes, the algorithm is identical. TCP and UDP compute it over a pseudo-header plus the segment, while IPv4 computes it over just the header, but the one's-complement sum itself is the same in every case.