IP Header: Networking & TCP/IP Tutorial. TCP/IP Explained
Today we examine the IP Header in great detail. So 1st lets look at the location of IP in the TCP/IP Stack. We notice that its in the Network Layer, which is layer 3.
Now let’s examine the fields in detail.
Version (4 Bits)
Defines the version of the IP Protocol. Currently version you have mostly vers 4, ie IPv4 with Ipv6 coming in. Vers 6 could totally replace 4, probably around the same time porn is totally eliminated from the internet.
Header Length (4 bits)
This is the total length of the header in 4 byte words (that’s 32 bits for you n00bs). Meaning it points to the beginning of the data.With no options the header length is 20 bytes, so the value of the field is 5 (20 / 4). Add options and guess what: value increases.
Service Type (8 bits)
This was originally TOS, to indicate the QOS (Quality of Service) desired in networks that offer service precedence. So high precedence traffic got the royal treatment. Just for fun they changed it to Differentiated Services, still concerned precedence, but with a different interpretation. But it’s still compatiblewith the original TOS.
Total Length (16 bit)
This is the total length of the IP datagram, in bytes including header and the data. Do the math: 16 bits allows for a total length of up to 65,535. Try sending a 65,000 byte datagram over your production network just for fun
Identification (16 bits)
If the datagram is fragmented, all the fragments will have same unique identification value. This way the receiving end knows that all fragments with same identification value need to be assembled back into one datagram
Flags (3 bit)
Bit 0: Reserved (for what, nobody knows)
Bit 1: Do not Fragment. If set to 1, may not be fragmented. So if MTU is too small, datagram is dropped. Remember MTU = Maximum Transfer Unit
Bit 2: More fragments. If set to 1, then the datagram is not the last fragment
OK, we just came across 2 important terms, Fragmentation & MTU. Let’s discuss them now before proceeding
LANs & WANs have a limit on the amount of data that can be carried in a frame (at layer 2), which is usually Ethernet. That limit is called the MTU = Maximum Transfer Unit. But the datagram prepared at the network layer, may be larger the MTU, due to the large amount of that needs to be sent. In this case, the datagram needs to be fragmented to smaller unit before being passed to the data link layer.
Fragmentation offset (13 bits)
Indicates the relative position of each particular frag when a datagram is fragmented. It’s the offset of the original datagram in 8 byte units. Note carefully - 8 byte units. Example - Datagram of 3200 bytes is split into3 frags1st Frag: Carries the 1st 1400 bytes. Being the 1st frag it’s offset is always 0.2nd Frag: Carries the next 1400 bytes. It’s offset is 175. Why? It’s the bytes in theprior frag, divided by 8.Last Frag: Carries the next 800 bytes. It’soffset is 350. Why? It’s the bytes in the prior 2 frags (2800) divided by 8
Time to live (8 Bits)
Prevents the datagram from hanging around endlessly, like unwanted guests, should routing tables get screwy. Each router it hits decrements the TTL by 1, & when TTL gets to 0, the datagram is unceremoniously discarded.
Use of TTL is what makes Traceroute work
Protocol (8 bits)
Defines the upper layer Protocol. A value of 6 indicates TCP sits on top of the IP datagram. Value of 17 indicates UDP. 1 indicates ICMP. There’s over a 100 more, some important, most obscure.
Header checksum (16 bits)
Purpose of checksum is to detect corruption in transit. For IP, the checksum covers the header but not the data. The sender uses analgorithm (one’s complement arithmetic, if you must know) on the header & the result is sent with the packet. Then the receiver uses same algorithm over the header, and comes up with it’s own result result. If the results don’t match the packet is rejected like a geek at senior prom.
Source IP Address (32 bits)
I thought long & hard about how to describe this one. In a stroke of genius I came upwith “the IP address of the source”
It looks like this: 192.168.1.1
Not this: 68-A3-C4-3F-52-53
Destination IP Address (32 bits)
This one should be pretty muchself explantory after reading my brilliant explanation on Source IP address
Options + Padding (32 bits)
Options don’t seem to be used too much solet’s blow it off for now. If your do use em,you add enough padding so that the field is exactly 32 bits.Seems like fertile ground for crafted packethacks
This has been Huckleberry. Please mash down that LIKE button right now before you forget.