Header Structure ========================= .. panels:: :container: container pb-4 :column: col-lg-12 p-2 :card: shadow .. panels:: :container: container pb-4 :column: col-lg-12 p-2 :card: shadow **What is IPv4 Header Structure?** The IPv4 Header Structure is a standardized format at the beginning of every IPv4 packet. It contains critical routing and delivery information such as source and destination IP addresses, packet length, time-to-live (TTL), protocol type, and more. .. panels:: :container: container pb-4 :column: col-lg-12 p-2 :card: shadow **Why is IPv4 Header Structure useful?** It enables reliable packet delivery across IP networks by providing all the necessary information routers need to forward, fragment, and verify packets. Without the IPv4 header, devices wouldn’t know how to deliver data correctly. .. panels:: :container: container pb-4 :column: col-lg-12 p-2 :card: shadow **How does IPv4 Header Structure work?** The IPv4 header contains fields that define how a packet should be processed. For example, the TTL field ensures packets don’t circulate endlessly, the Protocol field identifies the transport layer protocol, and the Header Checksum validates data integrity. .. panels:: :container: container pb-4 :column: col-lg-12 p-2 :card: shadow **Where is IPv4 Header Structure used?** It is used in every IPv4 packet transmitted over an IP network. Whether it's web traffic, email, streaming, or DNS — all data packets using IPv4 include this header. .. panels:: :container: container pb-4 :column: col-lg-12 p-2 :card: shadow **Which OSI layer does IPv4 Header Structure belong to?** IPv4 Header Structure belongs to the **Network Layer (Layer 3)** of the OSI model. It provides logical addressing and routing functions essential for data transfer between networks. .. panels:: :container: container pb-4 :column: col-lg-12 p-2 :card: shadow **Is IPv4 Header Structure Windows specific?** No, IPv4 is a platform-independent protocol. The IPv4 header is implemented across all operating systems that support networking, including Windows, Linux, and macOS. .. panels:: :container: container pb-4 :column: col-lg-12 p-2 :card: shadow **Is IPv4 Header Structure Linux specific?** No, it’s not specific to Linux. While Linux offers more low-level access to headers (e.g., with tools like `tcpdump` or raw sockets), the IPv4 header is part of the standard networking stack on all systems. .. panels:: :container: container pb-4 :column: col-lg-12 p-2 :card: shadow **Which Transport Protocol is used by IPv4 Header Structure?** IPv4 itself is not a transport protocol, but it supports transport protocols such as **TCP**, **UDP**, **ICMP**, etc. The header includes a “Protocol” field that identifies which transport layer protocol is being used. .. panels:: :container: container pb-4 :column: col-lg-12 p-2 :card: shadow **Which Port is used by IPv4 Header Structure?** The IPv4 header does **not contain port numbers**. Ports belong to transport-layer protocols like TCP and UDP. The IPv4 header only helps route the packet to the correct host. .. panels:: :container: container pb-4 :column: col-lg-12 p-2 :card: shadow **Is IPv4 Header Structure using client-server model?** The IPv4 header is used in **all types of communication models** — client-server, peer-to-peer, or multicast. It simply enables packet delivery between IP addresses, regardless of the application model. .. panels:: :container: container pb-4 :column: col-lg-12 p-2 :card: shadow **What are the main fields in the IPv4 header?** The IPv4 header consists of several key fields: - **Version**: Specifies the IP version (IPv4). - **IHL (Internet Header Length)**: Specifies the length of the header. - **Type of Service (ToS)**: Specifies the desired quality of service. - **Total Length**: The length of the entire packet (header + data). - **Identification**: Identifies fragmented packets. - **Flags**: Indicates if a packet is fragmented. - **Fragment Offset**: Specifies the position of the fragment. - **TTL (Time to Live)**: Limits the lifespan of a packet to prevent infinite loops. - **Protocol**: Specifies the transport layer protocol (TCP, UDP, ICMP, etc.). - **Header Checksum**: Validates the integrity of the header. - **Source IP Address**: The sender's IP address. - **Destination IP Address**: The recipient's IP address. .. panels:: :container: container pb-4 :column: col-lg-12 p-2 :card: shadow **What is the maximum size of the IPv4 header?** The maximum size of the IPv4 header is **60 bytes**, as the IHL field can specify a value between 5 (20 bytes) and 15 (60 bytes). .. panels:: :container: container pb-4 :column: col-lg-12 p-2 :card: shadow **What is the significance of the TTL (Time to Live) field in the IPv4 header?** The TTL field limits the number of hops a packet can make across routers. Each router decreases the TTL by 1, and if the TTL reaches 0, the packet is discarded, preventing it from circulating indefinitely. .. panels:: :container: container pb-4 :column: col-lg-12 p-2 :card: shadow **What is the purpose of the Header Checksum field in the IPv4 header?** The Header Checksum field is used for error-checking the integrity of the IPv4 header. It ensures that the header has not been corrupted during transmission. .. panels:: :container: container pb-4 :column: col-lg-12 p-2 :card: shadow **What is the Fragment Offset field in the IPv4 header?** The Fragment Offset field specifies the position of a fragment in a larger packet. It is used when an IP packet is fragmented into smaller pieces to fit the Maximum Transmission Unit (MTU). .. panels:: :container: container pb-4 :column: col-lg-12 p-2 :card: shadow **What is the role of the Identification field in the IPv4 header?** The Identification field is used to identify fragmented packets. When a packet is split into fragments, all fragments will have the same identification number, allowing the receiver to reassemble them. .. panels:: :container: container pb-4 :column: col-lg-12 p-2 :card: shadow **What does the IHL (Internet Header Length) field represent?** The IHL field specifies the length of the IPv4 header in 32-bit words. It is used to calculate the start of the data portion of the packet. .. panels:: :container: container pb-4 :column: col-lg-12 p-2 :card: shadow **Why is the Protocol field important in the IPv4 header?** The Protocol field specifies which higher-layer protocol (such as TCP, UDP, or ICMP) is being used in the data portion of the packet. This allows the receiving device to properly interpret the data. .. panels:: :container: container pb-4 :column: col-lg-12 p-2 :card: shadow **What is the Total Length field in the IPv4 header?** The Total Length field indicates the total length of the entire packet, including both the header and the data portion. The maximum possible value is 65,535 bytes. .. panels:: :container: container pb-4 :column: col-lg-12 p-2 :card: shadow **What is the significance of the Flags field in the IPv4 header?** The Flags field contains three bits that control fragmentation. The most significant bit is reserved, the second bit indicates whether the packet is fragmented, and the third bit indicates whether more fragments follow. .. panels:: :container: container pb-4 :column: col-lg-12 p-2 :card: shadow **How does the Protocol field affect the processing of an IPv4 packet?** The Protocol field tells the receiver which protocol to use for processing the data portion of the packet. For example: - **TCP** (6) indicates a TCP segment. - **UDP** (17) indicates a UDP datagram. - **ICMP** (1) indicates an ICMP message. .. panels:: :container: container pb-4 :column: col-lg-12 p-2 :card: shadow **What does the Source IP Address field represent in the IPv4 header?** The Source IP Address field contains the IP address of the device that originated the packet. It is used to return responses or for tracing the packet's origin. .. panels:: :container: container pb-4 :column: col-lg-12 p-2 :card: shadow **What does the Destination IP Address field represent in the IPv4 header?** The Destination IP Address field contains the IP address of the device that should receive the packet. This is the address to which the packet will be routed. .. panels:: :container: container pb-4 :column: col-lg-12 p-2 :card: shadow **What is the difference between the IPv4 header and the transport layer header?** The IPv4 header contains information needed for routing and delivery at the network layer (Layer 3), while the transport layer header (TCP or UDP) contains details about communication between processes on different devices. .. panels:: :container: container pb-4 :column: col-lg-12 p-2 :card: shadow **What is the purpose of the IHL field in the IPv4 header?** The IHL field specifies the length of the IPv4 header in 32-bit words. This helps determine where the data portion of the packet begins, which is essential for proper packet processing. .. panels:: :container: container pb-4 :column: col-lg-12 p-2 :card: shadow **What is the difference between the "Flags" and "Fragment Offset" fields in the IPv4 header?** The Flags field indicates whether a packet is fragmented or if more fragments follow, while the Fragment Offset field specifies the position of the fragment in the original packet. .. panels:: :container: container pb-4 :column: col-lg-12 p-2 :card: shadow **Why is the Header Checksum field required in the IPv4 header?** The Header Checksum is used to verify the integrity of the IPv4 header to detect errors introduced during transmission. If the checksum fails, the packet is discarded. .. panels:: :container: container pb-4 :column: col-lg-12 p-2 :card: shadow **What is the purpose of the "Type of Service" (ToS) field in the IPv4 header?** The Type of Service field is used to specify the quality of service (QoS) for the packet. It is used for prioritization, allowing routers to give priority to critical or real-time traffic. .. panels:: :container: container pb-4 :column: col-lg-12 p-2 :card: shadow Topics in this section, * :ref:`Learnings in this section ` * :ref:`Terminology ` * :ref:`Version Info ` * :ref:`Header Structure Basic Setup on Ubuntu using IPv4 ` * :ref:`IPv4 Feature : Header Structure ` * :ref:`Reference links ` .. _Header_Structure_step1: .. tab-set:: .. tab-item:: Learnings in this section * In this section, you are going to learn .. _Header_Structure_step2: .. tab-set:: .. tab-item:: Terminology * Terminology .. _Header_Structure_step3: .. tab-set:: .. tab-item:: Version Info * Version Info .. _Header_Structure_step18: .. tab-set:: .. tab-item:: IPv4 Header Structure Test Case **Objective** Verify the structure and key fields of an IPv4 header by analyzing a captured network packet. **Test Setup** * Laptop 1 * Assign the IPv4 address ``192.168.1.10/24`` to the ``enp0s8`` network interface. * Bring up the interface. .. code-block:: shell test:~$ sudo ip addr add 192.168.1.10/24 dev enp0s8 test:~$ sudo ip link set enp0s8 up * Laptop 2 * Assign the IPv4 address ``192.168.1.20/24`` to the ``enp0s8`` network interface. * Bring up the interface. * Start a Wireshark capture on the network link. * Send a single ICMP packet to Laptop 1 to generate traffic. .. code-block:: shell test:~$ sudo ip addr add 192.168.1.20/24 dev enp0s8 test:~$ sudo ip link set enp0s8 up test:~$ ping 192.168.1.10 -c 1 **Procedure and Analysis** * Packet Examination * In Wireshark, select the ICMP Echo Request packet from Laptop 2 to Laptop 1. * Expand the "Internet Protocol Version 4" section in the packet details pane. * Header Validation * Version: The **Version** field must be ``4``, confirming it is an IPv4 packet. * Header Length: The **Header Length** field should be ``20 bytes`` (5 words), indicating a standard IPv4 header without options. * Type of Service (TOS): Check if TOS/DSCP values are standard (often ``0`` for normal traffic). * Total Length: Should match the packet size seen in Wireshark. * Identification, Flags, Fragment Offset: Verify default values; fragmentation should not occur for small ICMP packets. * Time to Live (TTL): Typical default values are ``64`` (Linux/macOS) or ``128`` (Windows). * Protocol: Must be ``1`` for ICMP. * Source Address: ``192.168.1.20``. * Destination Address: ``192.168.1.10``. * Checksum: Ensure header checksum is valid (Wireshark usually flags errors if not). * Apply an ICMP filter in Wireshark for focused analysis. .. note:: * TTL of 64 is a common default for Linux; Windows uses 128. * Fragmentation fields should show zero unless the packet is fragmented. * DSCP/TOS may be used for QoS; default is usually ``0``. * IPv4 checksum ensures header integrity; errors indicate corruption or misconfiguration. **Wireshark Capture** :download:`Download wireshark capture ` .. note:: * Use the capture to inspect all IPv4 header fields. * Confirm that ICMP type=8 (Echo Request) and type=0 (Echo Reply) appear correctly. * This test helps understand how packet headers define addressing, routing, and protocol handling in IPv4. .. _Header_Structure_step4: .. tab-set:: .. tab-item:: IPv4 Feature : Header Structure **Header Structure - Testcases** .. csv-table:: :file: ./IPv4_Header_Structure/IPv4_Feature2_Header_Structure_TestCases.csv :widths: 10,10,30,20 :header-rows: 1 .. _Header_Structure_step17: .. tab-set:: .. tab-item:: Reference links * Reference links