Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Checksums (router checksum, CCO Hash)

Hi guys!

Since I didn't know where to post this question I'm psoting it here under Security:

In my effort to verify the integrity of binary data as stored on Cisco devices or stored on file servers, I ran across some checksums, which I'm unable to find information about.

1.) router checksum

When downloading an IOS image with a CCO account the following information is given:

Release 12.3.23

Size 9578364

BSD Checksum -

Router Checksum 0x415c

MD5 06e83479353e70c8f29e9593834569f8

Date Published: 25-JUL-2007

I do understand MD5 checksums and how to use them, however I have no clue what the router checksum is and how to use or to verify it. Any ideas where to find this checksum to verify it against? Or any idea on the algorithm used to compute this checksum?

BTW why is the BSD checksum not computed here? What would be the algorithm for the BSD checksum?

2.) CCO checksum

At each Cisco device the 'verify' command can be used to generate checsums:

Router#verify flash:c2800nm-ipbase-mz.123-14.T5.bin


Embedded Hash MD5 : C03F32097254C8DAF62513225EFA1347

Computed Hash MD5 : C03F32097254C8DAF62513225EFA1347

CCO Hash MD5 : E0779F332333B30AEBACE4E47E275368

It seems to me that if the computed checksum matches the embedded checksum, I'm on the safe side w.r.t. integrity of the binary.

However, what does the CCO Hash mean, where do I find this string to verify it against?

How is this string created - which algorithm is used?

Thanks in advance for any insight on this topic.

Best regards,


New Member

Re: Checksums (router checksum, CCO Hash)

In the new UDP header, the checksum value is always assigned to zero. This value prevents an intermediate device from validating the checksum against the packet checksum, thereby, resolving the TCP UDP checksum issue because NAT changes the IP source and destination addresses