0 | . | . | 3 | 4 | . | . | 7 | 8 | . | . | . | . | . | . | 15 | 16 | . | 18 | 19 | . | . | . | 23 | 24 | . | . | . | . | . | . | 31 |
ipv | ihl | tos | total length | ||||||||||||||||||||||||||||
identification | flags | frag offs | |||||||||||||||||||||||||||||
ttl | proto | header checksum | |||||||||||||||||||||||||||||
source address | |||||||||||||||||||||||||||||||
destination address | |||||||||||||||||||||||||||||||
(options) | (padding) | ||||||||||||||||||||||||||||||
(data) |
- ip version (4 bits)
The ip protocol version. Currently 4 as of 1979 (rfc 791). - ip header length (4 bits)
Total header length in 32 bit words. Usually five (5) (since you hardly ever use options). Sort of silly because values of 0-4 cannot be used. Perhaps these could be used as some sort of biased value to extend the length of the header? - type of service (8 bits)
Describes how the packet should be handled in transit (speed vs. reliability vs. throughput). Bits arranged as follows:0 1 2 3 4 5 6 7 precedence d t r reserved bits 0-2:
(precedence)000 – routine traffic
001 – priority
010 – immediate
011 – flash
100 – flash override
101 – critic/ecp
110 – internetwork control
111 – network controlbit 3: (d) normal(0)/low(1) delay bit 4: (t) normal(0)/high(1) throughput bit 5: (r) normal(0)/high(1) reliability bits 6-7: reserved for future use - total packet length (16 bits)
Packet length in bytes up to 65535 (includes the bytes in the header). You won’t probably won’t see many packets this big because ethernet framing doesn’t let you have anything more than 1500 and modem links are usually set much lower (about 296 perhaps?) for responsiveness. So larger poackets would always get fragemented and that’s something to avoid. If possible. - identification (16 bits)
An identifying number to be used to reassemble fragmented packets. - fragmentation flags (3 bits)
Flags controlling whether a packet is fragmented and/or may be fragmented. Structured as follows:0 1 2 reserved df lf where the df bit (don’t fragment) prevents packets from being fragmented if set, and the lf bit (last fragment) is set in the last packet in the sequence of fragments.
- fragmentation offset (13 bits)
Measured in units of 8 octets (or bytes) is simply a sequence number for the bytes in this packet when reassembling. The first offset will be zero. - time to live (8 bits)
Maximum life of a packet. If this field is zero, the packet is destroyed. Usually decremented by one when passed from one hop to the next (unless bridging). - protocol (8 bits)
The protocol used in the data portion (see “assigned numbers” rfc 790 or 1010 or below). - header checksum (16 bits)
A sixteen bit checksum on the ip header only. The ttl field changes at each hop so this needs to be recomputed on each hop. “The checksum field is the 16 bit one’s complement of the one’s complement sum of all 16 bit words in the header. For purposes of computing the checksum, the value of the checksum field is zero.” (At least, according to rfc 791). My interpretation: one’s complement each sixteen bit word in the header, add all these quantities (drop carries) and then one’s complement that sum. - source address &
- destination address (32 bits each)
The ip addresses of the ultimate sending and receiving hosts of the packet. In network byte order (of course) which is just another way of saying big endian, but it’s more politically correct. - options (variable, up to 40 bytes)
The first byte (if any options bytes are present) is the option type byte laid out as follows:0 1 2 3 4 5 6 7 copy flag option class option number If the copy flag is set, the option is copied into all fragments upon fragmentation. Option classes are: 0) control, 1) reserved, 2) debugging and measurement, and 3) reserved. A few option types are defined:
class number length description 0 0 – end of option list 0 1 – no operation 0 2 11 security 0 3 var. loose source routing 0 9 var. strict source routing 0 7 var. record route 0 8 4 stream id 2 4 var. internet timestamp The next option byte (if required by the option type) is usually a length byte (in bytes, not 32 bit words).
- padding (variable, fills out the 32 bit words)
I’m pretty sure this is ignored so it probably doesn’t matter but just make it all zeroes anyway, okay? It just makes the header an even 32 bit length. - data (variable, up to 65535 – header bytes)
This is where all your data goes. Whatever ip can package (see the protocol field) goes here. Take your pick (from rfc 790 or 1010)…protocol number protocol name rfcs listed decimal octal hexadecimal keyword meaning 790 1010 0 000 00 (reserved) * * 1 001 01 ICMP internet control message protocol * * 2 002 02 IGMP Internet Gateway Management Protocol * 3 003 03 GGP Gateway-to-Gateway * * 4 004 04 (unassigned) CMCC (unassigned) 5 005 05 ST Stream * * 6 006 06 TCP Transmission Control Protocol * * 7 007 07 UCL UCL * * 8 010 08 EGP External Gateway Protocol * 9 011 09 IGP any private interior gateway SECURE IGP 10 012 0a BNN-RCC-MON BBN RCC Monitoring * * 11 013 0b NVP-II Network Voice Protocol NVP NVP-II 12 014 0c PUP PUP * * 13 015 0d ARGUS ARGUS PLURIBUS ARGUS 14 016 0e EMCON EMCON TELENET EMCON 15 017 0f XNET Cross Net Debugger * * 16 020 10 CHAOS Chaos * * 17 021 11 UDP User Datagram Protocol * * 18 022 12 MUX Multiplexing * * 19 023 13 DCN-MEAS DCN Measurement Subsystems DCN DCN-MEAS 20 024 14 HMP Host Monitoring TAC HMP 21 025 15 PRM Packet Radio Measurement * 22 026 16 XNS-IDP XEROX NS IDP * 23 027 17 TRUNK-1 Trunk-1 * 24 030 18 TRUNK-2 Trunk-2 * 25 031 19 LEAF-1 Leaf-1 * 26 032 1a LEAF-2 Leaf-2 * 27 033 1b RDP Reliable Data Prococol * 28 034 1c IRTP Internet Reliable Transaction * 29 035 1d ISO-TP4 ISO Transport Protocol Class 4 * 30 036 1e NETBLT Bulk Data Transfer Protocol * 31 037 1f MFE-NSP MFE Network Services Protocol * 32 040 20 MERIT-INP MERIT Internodal Protocol * 33 041 21 SEP Sequential Exchange Protocol * 34-60 042-074 22-3c (unassigned) * * 61 075 3d any host internal procotol * 62 076 3e CFTP CFTP * 63 077 3f any local network 64 100 40 SAT-EXPAK SATNET and backroom EXPAK * * 65 101 41 MIT-SUBNET MIT subnet support 66 102 42 RVD MIT Remote Virtual Disk Protocol * 67 103 43 IPPC Internet Pluribus Packet Core * 68 104 44 any distributed file system * 69 105 45 SAT-MON SATNET Monitoring * * 70 106 46 (unassigned) * * 71 107 47 IPCV Internet Packet Core Utility * * 72-75 110-113 48-4b (unassigned) * * 76 114 4c BR-SAT-MON Backroom SATNET Monitoring * * 77 115 4d (unassigned) * * 78 116 4e WB-MON WIDEBAND Monitoring * * 79 117 4f WB-EXPAK WIDEBAND EXPAK * * 80-254 120-376 50-fe (unassigned) * * 255 377 ff (reserved) * * or try reading your local /etc/protocols file