In this article, we will explain the header section of an IPv4 packet. The IPv4 header has a variable length of 20-60 bytes, depending on the IP options present. It consists of 14 fields, of which 13 are mandatory.
Let’s take a look at each field individually:
Version (4 bits): The version of the IP packet. For IPv4 it is always equal to 4.
IHL (Internet Header Length; 4 bits): Internet Header Length is a variable field which contains the size of the IPv4 header. The minimum value for this field is 5 (5 × 32 bits = 160 bits = 20 bytes) and the maximum is 15 (5 × 32 bits, or 480 bits = 60 bytes), which indicates a length of the header from 20 to 60 bytes.
DSCP (Differentiated Services Code Point; 6 bits): It is used for data packet classification, managing network traffic and providing quality of service (QoS). DSCP controls network traffic by class so that certain types of traffic get precedence – for example, voice traffic, which requires a relatively uninterrupted flow of data, might get precedence over other kinds of traffic. It allows 64 different values (0 to 63).
ECN (Explicit Congestion Notification; 2 bits): Optional feature used only when both endpoints support it, which allows end-to-end notification of network congestion without dropping packets. The ECN-aware transports can properly adapt their rates to congestion without requiring packet loss and congestion feedback can be quicker with ECN because detecting a dropped packet requires a timeout.
Total Length (16 bits): Defines the packet size in bytes, including header and data. The minimum size is 20 bytes (if you have 0 bytes of data) and the maximum size is 65.535 bytes (maximum value of 16-bit word).
Identification (16 bits): A value which is used for uniquely identifying the group of fragments of a single IP datagram. If there is only one unfragmented packet then it will be the only packet with that specific identification value. For fragmented packets, the value is the same across all of the fragments and is used by the destination device to reassemble the data.
Flags (3 bits): It is a sequence of three flags used to control whether routers are allowed to fragment a packet and to indicate the parts of a packet to the receiver. The first bit is always set to 0. The second bit represents whether a packet is allowed to be fragmented or split into multiple pieces (0 – allowed; 1 – not allowed). The third bit represents the “location” of a packet in a series of fragmented packets (0 – last fragment in a series; 1 – more fragments should be expected).
Fragment Offset (13 bits): It is used to indicate to the destination device where a received fragment should be placed when all of the data from the packet is being reassembled. Packets which are not fragmented and the first packet in a series of fragmented packets will always have a fragment offset set to 0.
Time To Live (8 bits): The field is used to limit the amount of time that a packet is allowed to exist on the network to prevent datagrams from persisting (e.g. going in circles). It is represented in seconds and time intervals less than 1 second are rounded up to 1. Each device that receives a packet decrements the TTL value by at least 1 regardless of whether the processing took less than a second. When a device decrements the value of the TTL field to 0, it is required to drop the packet.
Protocol (8 bits): It indicates the next level protocol that is contained within the data portion of the packet. The most common values maintained by IANA (Internet Assigned Numbers Authority) include:
- Transmission Control Protocol (TCP) – value of 0x06 (hex) or 00000110 (binary)
- User Datagram Protocol (UDP) – value of 0x11 (hex) or 00010001 (binary)
- Internet Control Message Protocol (ICMP) – value of 0x01 (hex) or 00000001 (binary)
Header Checksum (16 bits): Checksum provides a mathematical method of verifying that the header has not been corrupted when being transmitted from one device to another. A checksum value is derived from the contents of the header at the source and is recomputed at the destination. If the values do not match, the packet will be discarded. The checksum is recomputed at each device and reset in the header because the contents of the TTL field change from device to device.
Source IP Address (32 bits): Indicates the source IP address.
Destination IP Address (32 bits): Indicates the destination IP address.
Options (if IHL>5; up to 32 bits): The field is optional and variable in length depending on the options that are being set. Due to the limited size of the IPv4 header or concerns regarding security, many of the options are no longer practical or desirable. Pad bytes with a value of 0 are added if necessary to ensures that the header is always a multiple of 32 bits (as required by the IHL field).
Options are identified by the following fields:
- Option Type – which is subdivided into three subfields: Copied (1 bit), Option Class (2 bits), and Option Number (5 bits)
- Option Length (8 bits) – indicates the size of the entire option, including all three subfields shown here, in bytes.
- Option Data (variable) – contains data to be sent as part of the option.
For most options, all three subfields are used. For a few simple options, this complex substructure is not needed and in those cases, the Option Type itself communicates all the information required, while the Option Length and Option Data subfields are omitted.