Header : IPv4
The structure of the IPv4 header is described below. The default size is 20 bytes and it can be as large as 60 bytes depending on the size of the Options field.
Version
This field (4 bits) indicates the IP version. It is always 4 in an IPv4 header.
Internet Header Length (IHL)
This field (4 bits) indicates the length of the IP header in units of 4 bytes (32 bits). So, if the value of this field is 5, the length of the IP header is 20 bytes (= 5 x 4 bytes).
Since the max value of IHL is 15 (4 bits), the max size of the IPv4 header is 60 bytes.
DSCP (Differentiated Services Code Point)
This field (6 bits) used to be called ToS ('Type of Service') and is now renamed to DSCP. Refer to RFC 2475 for the details.
ECN (Explicit Congestion Notification)
This field (2 bits) is used for end-to-end notification of network congestion. It has the following meanings:
- 00 – Non ECN-Capable Transport, Non-ECT
- 10 – ECN Capable Transport, ECT(0)
- 01 – ECN Capable Transport, ECT(1)
- 11 – Congestion Encountered, CE.
Total Length
This field (16 bits) indicates the total length of the IP packet (length of IP header + length of payload) in bytes. The minimum value is 20 bytes since the minimum IPv4 header length is 20 bytes.
The length of the field is 16 bits. This means the max length of one IP packet is 2^16 Bytes (65535 bytes) including the header. The minimum length of one IP packet is 20 bytes, which is the case in which there is only an IP header and no payload.
Identification
This field (16 bits) is used to uniquely identify a group of fragments that belong to the same IP datagram.
Flags
This field (3 bits) is used to control and identify the fragments. The meaning of each bit is as follows.
- bit 0: Reserved; must be zero.
- bit 1: Don't Fragment (DF)
- bit 2: More Fragments (MF)
For unfragmented packets, the MF flag is set to 0.
For fragmented packets, bit 0 is set to 0, bit 1 is set to 0 and bit 2 is set to 1. (However, in the last fragment of a fragmented packet all bits are set to 0.)
Fragment Offset
This field (13 bits) indicates the position of a fragment relative to the beginning of the original packet. The unit is multiples of 8 bytes. For example, if the value is 1, the fragment offset is 8 bytes; if the value is 10, the fragment offset is 80 bytes. The value for an unfragmented packet or the first fragment of a fragmented packet is set to 0.
Time to Live
This field (8 bits) indicates how long the packet can survive in the network. Even though the unit is in seconds, it is practically interpreted as the number of hops it can go through. When the datagram arrives at a router, the router decrements the TTL field by one. When the TTL field hits zero, the router discards the packet and typically sends an ICMP Time Exceeded message to the sender.
In this way, we can avoid the situation in which a packet goes round and round within the network without reaching the final destination.
Protocol
This field (8 bits) indicates the protocol of the payload part and can be specified by one of the following values.
Decimal | Hex | Keyword | Protocol
0 | 0x00 | HOPOPT | IPv6 Hop-by-Hop Option
1 | 0x01 | ICMP | Internet Control Message Protocol
2 | 0x02 | IGMP | Internet Group Management Protocol
3 | 0x03 | GGP | Gateway-to-Gateway Protocol
4 | 0x04 | IP-in-IP | IP in IP (encapsulation)
5 | 0x05 | ST | Internet Stream Protocol
6 | 0x06 | TCP | Transmission Control Protocol
7 | 0x07 | CBT | Core-based trees
8 | 0x08 | EGP | Exterior Gateway Protocol
9 | 0x09 | IGP | Interior Gateway Protocol (any private interior gateway (used by Cisco for their IGRP))
10 | 0x0A | BBN-RCC-MON | BBN RCC Monitoring
11 | 0x0B | NVP-II | Network Voice Protocol
12 | 0x0C | PUP | Xerox PUP
13 | 0x0D | ARGUS | ARGUS
14 | 0x0E | EMCON | EMCON
15 | 0x0F | XNET | Cross Net Debugger
16 | 0x10 | CHAOS | Chaos
17 | 0x11 | UDP | User Datagram Protocol
18 | 0x12 | MUX | Multiplexing
19 | 0x13 | DCN-MEAS | DCN Measurement Subsystems
20 | 0x14 | HMP | Host Monitoring Protocol
21 | 0x15 | PRM | Packet Radio Measurement
22 | 0x16 | XNS-IDP | XEROX NS IDP
23 | 0x17 | TRUNK-1 | Trunk-1
24 | 0x18 | TRUNK-2 | Trunk-2
25 | 0x19 | LEAF-1 | Leaf-1
26 | 0x1A | LEAF-2 | Leaf-2
27 | 0x1B | RDP | Reliable Datagram Protocol
28 | 0x1C | IRTP | Internet Reliable Transaction Protocol
29 | 0x1D | ISO-TP4 | ISO Transport Protocol Class 4
30 | 0x1E | NETBLT | Bulk Data Transfer Protocol
31 | 0x1F | MFE-NSP | MFE Network Services Protocol
32 | 0x20 | MERIT-INP | MERIT Internodal Protocol
33 | 0x21 | DCCP | Datagram Congestion Control Protocol
34 | 0x22 | 3PC | Third Party Connect Protocol
35 | 0x23 | IDPR | Inter-Domain Policy Routing Protocol
36 | 0x24 | XTP | Xpress Transport Protocol
37 | 0x25 | DDP | Datagram Delivery Protocol
38 | 0x26 | IDPR-CMTP | IDPR Control Message Transport Protocol
39 | 0x27 | TP++ | TP++ Transport Protocol
40 | 0x28 | IL | IL Transport Protocol
41 | 0x29 | IPv6 | IPv6 Encapsulation
42 | 0x2A | SDRP | Source Demand Routing Protocol
43 | 0x2B | IPv6-Route | Routing Header for IPv6
44 | 0x2C | IPv6-Frag | Fragment Header for IPv6
45 | 0x2D | IDRP | Inter-Domain Routing Protocol
46 | 0x2E | RSVP | Resource Reservation Protocol
47 | 0x2F | GRE | Generic Routing Encapsulation
48 | 0x30 | MHRP | Mobile Host Routing Protocol
49 | 0x31 | BNA | BNA
50 | 0x32 | ESP | Encapsulating Security Payload
51 | 0x33 | AH | Authentication Header
52 | 0x34 | I-NLSP | Integrated Net Layer Security Protocol
53 | 0x35 | SWIPE | SwIPe
54 | 0x36 | NARP | NBMA Address Resolution Protocol
55 | 0x37 | MOBILE | IP Mobility (Min Encap)
56 | 0x38 | TLSP | Transport Layer Security Protocol (using Kryptonet key management)
57 | 0x39 | SKIP | Simple Key-Management for Internet Protocol
58 | 0x3A | IPv6-ICMP | ICMP for IPv6
59 | 0x3B | IPv6-NoNxt | No Next Header for IPv6
60 | 0x3C | IPv6-Opts | Destination Options for IPv6
61 | 0x3D | | Any host internal protocol
62 | 0x3E | CFTP | CFTP
63 | 0x3F | | Any local network
64 | 0x40 | SAT-EXPAK | SATNET and Backroom EXPAK
65 | 0x41 | KRYPTOLAN | Kryptolan
66 | 0x42 | RVD | MIT Remote Virtual Disk Protocol
67 | 0x43 | IPPC | Internet Pluribus Packet Core
68 | 0x44 | | Any distributed file system
69 | 0x45 | SAT-MON | SATNET Monitoring
70 | 0x46 | VISA | VISA Protocol
71 | 0x47 | IPCU | Internet Packet Core Utility
72 | 0x48 | CPNX | Computer Protocol Network Executive
73 | 0x49 | CPHB | Computer Protocol Heart Beat
74 | 0x4A | WSN | Wang Span Network
75 | 0x4B | PVP | Packet Video Protocol
76 | 0x4C | BR-SAT-MON | Backroom SATNET Monitoring
77 | 0x4D | SUN-ND | SUN ND PROTOCOL-Temporary
78 | 0x4E | WB-MON | WIDEBAND Monitoring
79 | 0x4F | WB-EXPAK | WIDEBAND EXPAK
80 | 0x50 | ISO-IP | International Organization for Standardization Internet Protocol
81 | 0x51 | VMTP | Versatile Message Transaction Protocol
82 | 0x52 | SECURE-VMTP | Secure Versatile Message Transaction Protocol
83 | 0x53 | VINES | VINES
84 | 0x54 | TTP | TTP
84 | 0x54 | IPTM | Internet Protocol Traffic Manager
85 | 0x55 | NSFNET-IGP | NSFNET-IGP
86 | 0x56 | DGP | Dissimilar Gateway Protocol
87 | 0x57 | TCF | TCF
88 | 0x58 | EIGRP | EIGRP
89 | 0x59 | OSPF | Open Shortest Path First
90 | 0x5A | Sprite-RPC | Sprite RPC Protocol
91 | 0x5B | LARP | Locus Address Resolution Protocol
92 | 0x5C | MTP | Multicast Transport Protocol
93 | 0x5D | AX.25 | AX.25
94 | 0x5E | IPIP | IP-within-IP Encapsulation Protocol
95 | 0x5F | MICP | Mobile Internetworking Control Protocol
96 | 0x60 | SCC-SP | Semaphore Communications Sec. Pro
97 | 0x61 | ETHERIP | Ethernet-within-IP Encapsulation
98 | 0x62 | ENCAP | Encapsulation Header
99 | 0x63 | | Any private encryption scheme
100 | 0x64 | GMTP | GMTP
101 | 0x65 | IFMP | Ipsilon Flow Management Protocol
102 | 0x66 | PNNI | PNNI over IP
103 | 0x67 | PIM | Protocol Independent Multicast
104 | 0x68 | ARIS | IBM's ARIS (Aggregate Route IP Switching) Protocol
105 | 0x69 | SCPS | SCPS (Space Communications Protocol Standards)
106 | 0x6A | QNX | QNX
107 | 0x6B | A/N | Active Networks
108 | 0x6C | IPComp | IP Payload Compression Protocol
109 | 0x6D | SNP | Sitara Networks Protocol
110 | 0x6E | Compaq-Peer | Compaq Peer Protocol
111 | 0x6F | IPX-in-IP | IPX in IP
112 | 0x70 | VRRP | Virtual Router Redundancy Protocol, Common Address Redundancy Protocol (not IANA assigned)
113 | 0x71 | PGM | PGM Reliable Transport Protocol
114 | 0x72 | | Any 0-hop protocol
115 | 0x73 | L2TP | Layer Two Tunneling Protocol Version 3
116 | 0x74 | DDX | D-II Data Exchange (DDX)
117 | 0x75 | IATP | Interactive Agent Transfer Protocol
118 | 0x76 | STP | Schedule Transfer Protocol
119 | 0x77 | SRP | SpectraLink Radio Protocol
120 | 0x78 | UTI | Universal Transport Interface Protocol
121 | 0x79 | SMP | Simple Message Protocol
122 | 0x7A | SM | Simple Multicast Protocol
123 | 0x7B | PTP | Performance Transparency Protocol
124 | 0x7C | IS-IS over IPv4 | Intermediate System to Intermediate System (IS-IS) Protocol over IPv4
125 | 0x7D | FIRE | Flexible Intra-AS Routing Environment
126 | 0x7E | CRTP | Combat Radio Transport Protocol
127 | 0x7F | CRUDP | Combat Radio User Datagram
128 | 0x80 | SSCOPMCE | Service-Specific Connection-Oriented Protocol in a Multilink and Connectionless Environment
129 | 0x81 | IPLT |
130 | 0x82 | SPS | Secure Packet Shield
131 | 0x83 | PIPE | Private IP Encapsulation within IP
132 | 0x84 | SCTP | Stream Control Transmission Protocol
133 | 0x85 | FC | Fibre Channel
134 | 0x86 | RSVP-E2E-IGNORE | Reservation Protocol (RSVP) End-to-End Ignore
135 | 0x87 | Mobility Header | Mobility Extension Header for IPv6
136 | 0x88 | UDPLite | Lightweight User Datagram Protocol
137 | 0x89 | MPLS-in-IP | Multiprotocol Label Switching Encapsulated in IP
138 | 0x8A | manet | MANET Protocols
139 | 0x8B | HIP | Host Identity Protocol
140 | 0x8C | Shim6 | Site Multihoming by IPv6 Intermediation
141 | 0x8D | WESP | Wrapped Encapsulating Security Payload
142 | 0x8E | ROHC | Robust Header Compression
143-252 | 0x8F-0xFC | UNASSIGNED |
253-254 | 0xFD-0xFE | Use for experimentation and testing |
255 | 0xFF | Reserved. |
Header Checksum
This field (16 bits) carries the checksum value of the header. It may be confusing, because the Header Checksum field is itself a part of the header. So you may ask 'does the checksum calculation include the HeadChecksum field or not?'. The answer is 'Yes, the HeadChecksum field is also used in the checksum calculation, but the value is always assumed to be all zero'.
Source Address / Destination Address
The Source Address and the Destination Address each take 32 bits. These addresses are represented in the following format.
W.X.Y.Z
W, X, Y, Z can be any number between 0 and 255, but depending on the purpose/class these numbers can take a specific range of values as below. (You can find the IP address set on your PC using the ipconfig command (in Windows) or ifconfig (in Linux), and you can find the IP address of a specific site using nslookup.)
The following IP addresses are reserved for private networks.
Name | Address range | Number of addresses | Classful description | Largest CIDR block
24-bit block | 10.0.0.0–10.255.255.255 | 16,777,216 | Single Class A | 10.0.0.0/8
20-bit block | 172.16.0.0–172.31.255.255 | 1,048,576 | Contiguous range of 16 Class B blocks | 172.16.0.0/12
16-bit block | 192.168.0.0–192.168.255.255 | 65,536 | Contiguous range of 256 Class C blocks | 192.168.0.0/16
The following are some of the IP addresses that are reserved for special purposes.
Range | Description
0.0.0.0/8 | Current network (only valid as source address)
10.0.0.0/8 | Private network
100.64.0.0/10 | Shared Address Space
127.0.0.0/8 | Loopback
169.254.0.0/16 | Link-local
172.16.0.0/12 | Private network
192.0.0.0/24 | IETF Protocol Assignments
192.0.2.0/24 | TEST-NET-1, documentation and examples
192.88.99.0/24 | IPv6 to IPv4 relay
192.168.0.0/16 | Private network
198.18.0.0/15 | Network benchmark tests
198.51.100.0/24 | TEST-NET-2, documentation and examples
203.0.113.0/24 | TEST-NET-3, documentation and examples
224.0.0.0/4 | IP multicast (former Class D network)
240.0.0.0/4 | Reserved (former Class E network)
255.255.255.255 | Broadcast
Example 01 > ===========================================================
Internet Protocol Version 4, Src: 1.1.1.100 (1.1.1.100), Dst: 1.1.1.1 (1.1.1.1)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
        0000 00.. = Differentiated Services Codepoint: Default (0x00)
        .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
    Total Length: 32
    Identification: 0x0a76 (2678)
    Flags: 0x00
        0... .... = Reserved bit: Not set
        .0.. .... = Don't fragment: Not set
        ..0. .... = More fragments: Not set
    Fragment offset: 0
    Time to live: 128
    Protocol: Unknown (253)
    Header checksum: 0x2b05 [correct]
        [Good: True]
Following are the HEX string and binary string for the IP header decoded above. Try decoding each field on your own and compare your decoding with the Wireshark decode shown above. You can get the C language example of IPv4 decoding if you are interested.
HEX : 45 00 00 20 0a 76 00 00 80 fd 2b 05 01 01 01 64 01 01 01 01
BIN :
01000101 00000000 00000000 00100000
00001010 01110110 00000000 00000000
10000000 11111101 00101011 00000101
00000001 00000001 00000001 01100100
00000001 00000001 00000001 00000001
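As an added example (not the C decoder the page refers to, and not part of the original page), the following decodes the HEX string above field by field and applies the Header Checksum rule described earlier: sum the header as 16-bit words with the checksum field taken as zero. The struct, function names and error codes are this example's own assumptions, and because Total Length is 32 the sample buffer appends 12 constructed zero bytes as payload.

```c
#include <stdint.h>
#include <stdio.h>
/* Decoded fields; struct and function names are this example's own. */
struct ipv4_hdr {
    uint8_t  version, ihl, dscp, ecn, flags, ttl, protocol;
    uint16_t total_len, id, frag_off, checksum;
    uint32_t src, dst;
};

static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static uint32_t rd32(const uint8_t *p) { return ((uint32_t)rd16(p) << 16) | rd16(p + 2); }
/* One's-complement sum of the header's 16-bit words, checksum field (bytes 10-11) taken as zero. */
uint16_t ipv4_checksum(const uint8_t *h, size_t hdr_len) {
    uint32_t sum = 0;
    for (size_t i = 0; i + 1 < hdr_len; i += 2)
        if (i != 10) sum += rd16(h + i);
    while (sum >> 16) sum = (sum & 0xffff) + (sum >> 16);   /* fold carries back in */
    return (uint16_t)~sum;
}

/* Returns 0 on success, or a negative code naming the check that failed. */
int ipv4_parse(const uint8_t *b, size_t len, struct ipv4_hdr *o) {
    if (len < 20) return -1;                                 /* below minimum header size */
    o->version = b[0] >> 4;  o->ihl = b[0] & 0x0f;
    if (o->version != 4) return -2;
    if (o->ihl < 5 || (size_t)o->ihl * 4 > len) return -3;   /* IHL under 20 bytes or past buffer */
    o->dscp = b[1] >> 2;  o->ecn = b[1] & 0x03;
    o->total_len = rd16(b + 2);
    if (o->total_len < o->ihl * 4 || (size_t)o->total_len > len) return -4; /* length inconsistent */
    o->id = rd16(b + 4);
    o->flags = b[6] >> 5;                                    /* bits: reserved, DF, MF */
    o->frag_off = (uint16_t)((rd16(b + 6) & 0x1fff) * 8);    /* 8-byte units -> bytes */
    o->ttl = b[8];  o->protocol = b[9];
    o->checksum = rd16(b + 10);
    if (ipv4_checksum(b, (size_t)o->ihl * 4) != o->checksum) return -5;
    o->src = rd32(b + 12);  o->dst = rd32(b + 16);
    return 0;
}

/* The page's 20 header bytes, followed by 12 constructed zero bytes standing in for the payload. */
static const uint8_t SAMPLE[32] = { 0x45,0x00,0x00,0x20,0x0a,0x76,0x00,0x00,0x80,0xfd,
    0x2b,0x05,0x01,0x01,0x01,0x64,0x01,0x01,0x01,0x01 };

int main(void) {
    struct ipv4_hdr h = {0};
    int rc = ipv4_parse(SAMPLE, sizeof SAMPLE, &h);
    printf("rc=%d ihl=%u len=%u ttl=%u proto=%u csum=0x%04x\n", rc, h.ihl, h.total_len, h.ttl, h.protocol, h.checksum);
    return rc;
}
```

The length checks run before any field beyond the first 20 bytes is read, so an IHL or Total Length that disagrees with the captured buffer is rejected instead of being used as an offset.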