CompTIA Network+ Certification Guide

The format of an IPv4 packet

We've been talking about IPv4 and packets for quite some time, so let's take a look at the fields that make up an IPv4 packet and their purpose. The following diagram displays the fields of an IPv4 packet:

As shown in the preceding diagram, there are many fields. As an upcoming network professional, it's important to understand the purpose of these fields and how they play a vital role in the composition of the IPv4 packet. The following is a description of each field:

  • Version: This field identifies whether the packet is version 4 or version 6. This field is 4 bits in length.
  • Internet Header Length (IHL): This field gives the length of the header and so indicates where the data begins. It is 4 bits in length.
  • Differentiated Services (DS): This field was originally named Type of Service (ToS). It is used to determine the priority of a packet. This field is 8 bits in length.
  • Total Length: This field allows a datagram to be up to 65,535 octets in size. This field is 16 bits in length.
  • Identification: As mentioned previously, a sender usually assigns a value to each bit as they are placed on the physical layer. The value that's assigned is placed in this field to assist the receiver in the reassembly process. This field is 16 bits in length.
  • Flags: This is used to enable various flag options in the IP packet. This field is 3 bits in length.
  • Fragment Offset: This field is used to indicate where in the datagram this fragment belongs. It is 13 bits in length.
  • Time to Live (TTL): This field can only be found in packets. It is used to set the maximum time a packet is allowed to remain in a network. When each hop passes, the TTL value decreases by 1. If the TTL reaches 0, the last hop to set it to 0 discards the packet from the network. The TTL field has a size of 8 bits.
  • Protocol: This field indicates the network protocol that is being used in the packet. It is 8 bits in length.
  • Header Checksum: This field contains a checksum (hash) value of the header only. It is 16 bits in length.
  • Source IP address: This field contains the sender's IP address. It is 32 bits in length.
  • Destination IP address: This field contains the destination's IP address. It is 32 bits in length.
  • Options: This field is variable in length.

These fields may look a bit overwhelming on the theoretical side of networking, but if you use a network protocol analyzer tool such as Wireshark (www.wireshark.org), you will be able to see the fields of a packet that we just described.

The following is a Wireshark capture of an IPv4 packet. This capture (challenge 14 – Weird Python) was taken from The Honeynet Project (www.honeynet.org), which is a non-profit security organization that promotes internet security globally.

Let's take a look at packet 682. We can see all of the fields with their corresponding values:

If you're interested in learning about packet analysis and network forensics, The Honeynet Project (www.honeynet.org) is a good place to start. Their challenges will broaden your analytical skills as a network professional.