In my journey of understanding the TCP/IP world. I found the understanding and learning about the IPV4 Header is most critical and useful for everyone. In this article we will not only discuss the function of each field, we will also see how these field changes when we send different kind of traffic.
Overview of IP:
IP protocol is one of the main protocols in the TCP/IP stack and it is responsible for movement packet.
Let’s ping the R2 loopback interface [126.96.36.199] from R1 and capture the IP Packet. Please note PING Program uses the ICMP Protocol which is part of IP Protocol.
IP Packet captured:
The normal size of the IP Header is 20 Bytes unless option are present [option field could be related to strict source routing or loose source routing but this field is being rarely used]
This field identify the IP version of the packet. This is 4th bit value set to be binary 0100 [0+4+0+0] for IP V4 or 0110 [0+4+2+0] for IPV6.
This is 4th bit field specify the length of the IP header. Here in our example it is the minimum value of 20 Bytes since we are not using any option field.
This is how this value will be calculated.
4bit = 0 1 0 1 = [0+4+0+1] = 5 Byte X 4 Byte [32 bit header length] = 20 Bytes.
Maximum value with option field will vary up to 60 Bytes
4bit = 1 1 1 1 = [8+4+2+1] = 15 Byte X 4 Byte [32 bit header length] = 60 Bytes.
Let’s use strict source routing [used to specify the exact path a packet must traverse in route to its destination] with the extended ping and check the header length.
Extended Ping with strict routing.
Packet Capture shows Header length is now 28 Bytes with Option field
This is 8 bit field used to mark the packet which router can use to treat the packet based upon the marking.
6bit Value [(DS5-DS0]: DSCP defines the way routers should queue packets while they are waiting to be forwarded.
2bit Value: ECN allows end-to-end notification of network congestion without dropping packet.
All the bits set to Zero in this field indicate we are using normal service
Let’s use again extended ping with DSCP Expedited Forwarding (101110) = 128+32+16+8 = 184
Packet Capture shows the binary value of 101110 in DSCP Field
This 16-bit field indicates the total length of IP Datagram only [ not contain the IP Header]
This field vary depending upon the data we send and can go up to 65535 bytes [If the value 65535 doesn’t match to the MTU it will be fragmented].
Let’s use extended ping with the Size of 200
Packet Capture shows the total length value of 200
This is 16-bit bit field used uniquely identify IP packet. If the packet is being fragmented this value will help the receiver to reassemble the packet again.
Let’s send a packet with the size of 3000 bytes [Current value of MTU is 1500 Byte so this packet will be fragmented].
Ping Program basically send 5 ICMP Echo request
5 ICMP Packets being fragmented into 3 chunks [1500+1500+40] but its shows the identification number remain same. For the first ICMP echo request it is 0x001e (30).
1st ICMP Echo Request
2nd ICMP Echo Request
This 3 bit flag field used in fragmentation. Normally set to Zero if we are not using it
The first bit is reserved and set to zero.
The Second bit is called the DF (Don’t Fragment) bit and indicates that this packet should not be fragmented
Let’s use extended ping with the Size of 3000 byte and with the DF bit set to 1
Result the packet is being dropped as it couldn’t fit the MTU and not fragmented as the DF bit was set to 1.
Packet captured show DF bit is set to 1
The third bit is called the MF (More Fragments) bit and is set on all fragmented packets except the last one.
We can use here packet capture of ICMP echo request 1 [ 1st chunk] packet being used in the last example.
3rd chunk in the ICMP echo request 1 was sent normally
This 13 bit field used when fragmentation of a packet occurs, this field specifies the position, in the overall message where the data in this fragment goes.
Let’s take an Example of ICMP Echo request 1 of 3000 bytes which is being fragmented and check those 3 chunk and their start position.
1st chunk start: 0
2nd chunk – middle: 1480
3rd chunk – end: 2960
This is 8 bit value and it limit the life time of the packet. This value is set by sender [ e.g 255 ] and decremented by each router in the path towards to destination. When this value reaches to 0, the packet will get dropped and sender is notified with an ICMP message. This prevents packet from getting caught in routing loop forever.
This 8 bit value indicate which upper layer protocol being encapsulated in the IP packet.
This field is used at the receiver to identify the upper layer to which the traffic is belongs to.
In our example it is ICMP.Number 1
1 = ICMP, 2= IGMP, 6 = TCP, 17=UDP
This 16 bit field value calculated over IP header only. The sender value calculate the value based on the bits in IP header and store it in checksum field. When the packet is received at the receiving end the value will be again calculated. If the result not matches, IP discard the packet. No error message is generated.
Please note that IP is unreliable service so it’s up to the upper layer to detect the missing datagram and retransmit it.
ICMP Echo Request
ICMP Echo Reply
This is 32 bit value used to identify the source IP address. In our example it is R1 out going interface.
This is 32 bit value used to identify the destination IP address. In our example it is R2 loopback interface.
- Option Field
These option field is rarely used and not all the devices support all the option.
When we use the option field the value in the header length will increase which we saw in our previous example.
Some of the option fields are : record route, Strict source routing, loose source routing
Conclusion: In this article, we have discussed how these field changes when we send certain type of traffic. I hope this this article has been helpful and gave you overall picture of the IPV4 header.