Enhance your Career in Networking With IPinBits!!!​

IPv4 – Lets have a packet analysis

As you know IPv4 is a routed protocol, it means this protocol is used for L3 addressing only and not for routing. We route IPV4 information using routing protocols. So IPv4 is the most basic thing to learn when exploring a career in networking.

Today we will see what is in IPv4 header and why these fields are used. IPv4 header can be 20-60 byte long, i.e. IPv4 will have at least 20 bytes information in header.

IPv4 Header

Now lets have a detailed look at each field on IP header and what is the significance of each field in the header :-

  • Version – This will tell which version of IP protocol this header belongs to. For IPv4, its always 4 (0100) and for IPv6 it will be 6 (0101).
  • IHL (HEADER LENGTH) – This do not have any fix value and will tell the size of whole header, Its minimum value is 5 (5×32 bits = 20 Bytes) and Maximum value is 15 (15×32 bits = 60 Bytes).
  • Type Of Service (TOS) – This field is responsible for QoS on L3 level. It has 8 bits and these 8 bits can be assigned as per the type of QoS. We will have a separate and detailed article dedicated to TOS field.
    • IP Precedence – First 3 bits used for QoS.
    • DSCP – First 5 bits used for Class and Drop Probability while 5th is reserved. Bit 6/7 in this setting is used along with QoS Congestion management ( ECN bits)
  • Total Length – This field denotes the total length of entire packet size (Headed + PDU). Minimum size is 20 byte (Header only) and Max size is 65535 bytes.
  • Identification – As we will study more about the IP fragmentation, we will need this field. For Now lets suppose our IP PACKET is 1500 byte long but our system are not capable of sending entire packet in one go, So the packet will be broken into smaller fragments and will be sent accordingly. All fragments will have same IDENTIFCATION value to denote that they all below to same packet and will be helpful to de-fragmentation at peer end.
  • FLAGS – There are 3 flags used in IP header for more information on IP fragmentation. There are :-
    • Bit 0 – Reserved Flag and must be ZERO.
    • Bit 1 – DF (Don’t Fragment) – If this flag is on then the IP packet will never be fragmented or we can say broken into smaller parts for transportation between A to B. It is also used in PMTUD (Path MTU Discovery)
    • Bit 2 – MF (More Fragments ) This flag will tell the receiving end that there are more fragments of the same packets and he should wait for de-fragmentation. The last fragment will have MF = 0.
  • Fragment Offset – This field is also used for fragments information. It will tell that this packet has data from which byte. Lets Understand it by and example
    Suppose we have 500 MTU and our data is 3000 byte. So now packets need to be fragmented in smaller packets and each smaller will have its own header :-
    1st packet – 480 byte data + 20 byte IP header —–>MF =1, Fragment Offset value – 0
    2nd packet – 480 byte data + 20 byte IP header—–>MF =1, Fragment Offset value – 480/8 = 60
    3rd packet – 480 byte data + 20 byte IP header—–>MF =1, Fragment Offset value – 480+480/8 = 120
    4th packet – 480 byte data + 20 byte IP header—–>MF =1, Fragment Offset value = 180
    5th packet – 480 byte data + 20 byte IP header—–>MF =1, Fragment Offset value = 240
    6th packet – 480 byte data + 20 byte IP header—–>MF =1, Fragment Offset value = 300
    7th packet – 100 byte data + 20 byte IP header—–>MF =0,, Fragment Offset value = 360
    Fragment Offset Value will tell how much data is already sent before that fragmented packet and it is always denoted in DATA(without header)/8

  • Time To Live (TTL) – This is the IP packet life. While human life is measured in Years, IP packet life is measured in TTL and TTL is decremented by each passing router by 1.
  • Protocol – This field contains the information about the PDU IP packet carries. It tells that PDU belongs to which protocol. Some examples are :-
    • ICMP – 1
    • TCP – 6
    • UDP – 17
    • VRRP – 112
  • Header Checksum – This field is used for error checking of IP header.
  • Source and Destination Address – These fields are 32 bit long and contains the source and destination IP. These remains same from source to destination (if NAT is used in-between then these are changed).
  • Options – These are not very often used and never asked in interviews. You can have a look at options field on below link
    https://www.iana.org/assignments/ip-parameters/ip-parameters.xhtml#ip-parameters-1

So this was all about the IPv4 Header and its contents. Most Important fields in this header are – TOS, Identification, Flags, Fragment Offset, TTL and Protocol. It is always recommended to study about these fields and options available in each field.

Related blog posts