The IPv4 packet header consists of 20 bytes of data. An option exists within the header that allows further optional bytes to be added, but this is not normally used (with the occasional exception of something called "Router Alert").
IP header information extracted from a Netsniff-ng packet capture is listed below. If you want to know more, check out my post about Netsniff-ng here:
https://admin-ahead.com/forum/general-discussion/netsniff-ng-the-packet-sniffing-beast/

[ IPv4 Addr (192.168.12.88 => 192.168.12.37), Proto (6), TTL (64), TOS (16), Ver (4), IHL (5),
Tlen (2948), ID (15186), Res (0), NoFrag (1), MoreFrag (0), FragOff (0), CSum (0xd1cb) is ok ]

Let us take a look at some of these fields.
1. IPv4 Addr: The IPv4 packet header has 2 IP address fields, a 32-bit source address and a 32-bit destination address. They are shown above as IPv4 Addr (source => destination).
2. Protocol (Proto): The Service Access Point (SAP), which indicates the type of transport packet being carried (e.g. 1 = ICMP; 2 = IGMP; 6 = TCP; 17 = UDP).
3. Time to Live (TTL): The number of hops/links which the packet may be routed over, decremented by most routers. It is used to prevent accidental routing loops.
4. Type of Service (TOS): Indicates how the datagram should be handled, e.g. delay, precedence, reliability, minimum cost, throughput etc. This TOS field is now used by Differentiated Services and is called the Differentiated Services Code Point (DSCP).
5. Version (Ver): Shows the version of IP being used (4 = IPv4, 6 = IPv6).
6. IP Header Length (IHL): The header length in 32-bit words, so if the number is 6, then 6 x 32-bit words are in the header, i.e. 24 bytes. The maximum size is 15 x 32-bit words, which is 60 bytes. The minimum size is 20 bytes, or 5 x 32-bit words.
7. Total length (Tlen): It is the number of octets that the IP datagram takes up including the header. The maximum size that an IP datagram can be is 65,535 octets.
8. Fragmentation Offset (FragOff): A byte count from the start of the original sent packet, set by any router which performs IP router fragmentation.
9. Checksum (CSum): A 1's complement checksum inserted by the sender and updated whenever the packet header is modified by a router. It is used to detect processing errors introduced into the packet inside a router or bridge where the packet is not protected by a link layer cyclic redundancy check. Packets with an invalid checksum are discarded by all nodes in an IP network.
Hope you found it informative. Please check my other post if you are interested:
https://admin-ahead.com/forum/general-discussion/tcp-header-fields-an-overview/
Keep visiting for more content.
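
As an added example (not part of the original post and not Netsniff-ng's code), the Python below parses the header fields described above, rejects headers whose IHL or Tlen is inconsistent, and verifies the 1's complement checksum. The function names are hypothetical, and the sample header is constructed from the field values in the capture, with its checksum computed over those constructed bytes.

```python
import struct
from ipaddress import IPv4Address

def fold_sum(data: bytes) -> int:
    """16-bit one's complement sum; header length is always a multiple of 4."""
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total

def parse_ipv4_header(pkt: bytes) -> dict:
    if len(pkt) < 20:
        raise ValueError("shorter than the 20-byte minimum header")
    (ver_ihl, tos, tlen, ident, flags_off, ttl, proto, csum,
     src, dst) = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    ver, ihl = ver_ihl >> 4, ver_ihl & 0x0F
    hdr_len = ihl * 4                      # IHL counts 32-bit words
    if ver != 4:
        raise ValueError(f"not IPv4 (Ver={ver})")
    if ihl < 5 or hdr_len > len(pkt):
        raise ValueError(f"bad IHL {ihl}: header would be {hdr_len} bytes")
    if tlen < hdr_len:
        raise ValueError(f"Tlen {tlen} smaller than header {hdr_len}")
    return {
        "Src": str(IPv4Address(src)), "Dst": str(IPv4Address(dst)),
        "Proto": proto, "TTL": ttl, "TOS": tos, "Ver": ver, "IHL": ihl,
        "Tlen": tlen, "ID": ident,
        "Res": flags_off >> 15, "NoFrag": (flags_off >> 14) & 1,
        "MoreFrag": (flags_off >> 13) & 1,
        # The wire field holds the offset in 8-octet units; convert to bytes.
        "FragOff": (flags_off & 0x1FFF) * 8,
        "CSum": csum,
        # Summing the whole header, checksum included, gives 0xFFFF if intact.
        "CSumOk": fold_sum(pkt[:hdr_len]) == 0xFFFF,
    }

def build_sample() -> bytes:
    """Constructed header using the field values from the capture above."""
    fields = [0x45, 16, 2948, 15186, 0x4000, 64, 6, 0,
              IPv4Address("192.168.12.88").packed,
              IPv4Address("192.168.12.37").packed]
    hdr = struct.pack("!BBHHHBBH4s4s", *fields)
    fields[7] = ~fold_sum(hdr) & 0xFFFF    # checksum computed over these bytes
    return struct.pack("!BBHHHBBH4s4s", *fields)

if __name__ == "__main__":
    print(parse_ipv4_header(build_sample()))
```

Only the header is checked, so a capture truncated by a snap length still parses; a tool that goes on to read the payload should also compare Tlen with the number of bytes actually captured.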