IP Packet Structure

Now that you know what IP is, let’s look at the actual packet structure in more detail. The
following is an IP packet that was broken down by EtherPeek, a network analyzer. The entire
header has six layers, and each layer consists of 32 bits. Look at each section of the header
and get an explanation for each:
IP Header - Internet Protocol Datagram
Version: 4
Header Length: 5
Precedence: 0
Type of Service: 0
Unused:
Total Length: 60
Identifier: 0
Fragmentation Flags: 0
Fragment Offset: 0
Time To Live: 2
IP Type: 0x58 EIGRP
Header Checksum: 0x10dc
Source IP Address: 205.124.250.7
Dest. IP Address: 224.0.0.10
No Internet Datagram Options

At this point, we will define the key fields that appear in this listing. As you can see, the
packet IP header starts out with the Version field. Right now, the standard is IPv4. The version
parameter uses four of the 32 bits available.
The next field is the IP Header Length, or IHL. This field also uses another four bits, and it
specifies the datagram header length in 32-bit words.
The Type of Service (TOS field) follows the IHL. This field uses eight bits and indicates
datagram priority and how other OSI layers are to handle the datagram once they receive it.
Following the TOS field is the Total Length parameter. This field indicates how long the
packet is, including header and payload or data. The length is in units of bytes. The field itself
uses 16 bits, which brings the total for these fields to 32 bits or four bytes.
The second field begins with the Identifier or Identification field. The Identifier is
a 16-bit field that contains an integer value that identifies the packet. It is like a sequencing number
that is used when reassembling datagram fragments.
The Fragmentation Flags field follows, using only three bits. This field is used to control
fragmentation of a datagram. If the datagram can be fragmented, the first bit has a value of 0;
otherwise, a value of 1 is assigned to the first bit if the datagram is not to be fragmented. The
second bit is used to indicate the last fragment of a fragmented datagram. The third bit is an
undefined bit and is set to 0.
Fragment Offset follows the Flags field. This value uses 13 bits and specifies the fragment’s
position in the original datagram. The position is measured from the beginning of the datagram
and marked off in 64-bit increments. This again brings you to 32 bits, so you must move down
to the next layer in the IP packet.
The third field begins with the Time-to-Live (TTL) field, which is a counter whose units are
measured in hops. A starting value is given, and it counts decrements by 1 as it passes through each
hop or router. Once the value of this field is 0, the packet is discarded. This field uses eight bits.
The protocol field (IP Type) follows the TTL parameter. This field tells layer 3 which upper
layer protocol is supposed to receive the packet. It uses a decimal value to specify the protocol.
This field uses eight bits.
The Header Checksum field finishes the third layer. The checksum is used to help verify the
integrity of the IP header. This field uses 16 bits.
The next two fields are the Source IP Address and Dest. IP Address respectively. Both
of these fields are 32 bits long.
An Options field occupies the final field of the header. The field needs to be 32 bits long, so
any additional empty bits are padded.
Figure 36.13 gives a good visual representation of the IP packet structure.