Header Structure

What is IPv4 Header Structure?

The IPv4 Header Structure is a standardized format at the beginning of every IPv4 packet. It contains critical routing and delivery information such as source and destination IP addresses, packet length, time-to-live (TTL), protocol type, and more.

Why is IPv4 Header Structure useful?

It enables reliable packet delivery across IP networks by providing all the necessary information routers need to forward, fragment, and verify packets. Without the IPv4 header, devices wouldn’t know how to deliver data correctly.

How does IPv4 Header Structure work?

The IPv4 header contains fields that define how a packet should be processed. For example, the TTL field ensures packets don’t circulate endlessly, the Protocol field identifies the transport layer protocol, and the Header Checksum validates data integrity.

Where is IPv4 Header Structure used?

It is used in every IPv4 packet transmitted over an IP network. Whether it’s web traffic, email, streaming, or DNS — all data packets using IPv4 include this header.

Which OSI layer does IPv4 Header Structure belong to?

IPv4 Header Structure belongs to the Network Layer (Layer 3) of the OSI model. It provides logical addressing and routing functions essential for data transfer between networks.

Is IPv4 Header Structure Windows specific?

No, IPv4 is a platform-independent protocol. The IPv4 header is implemented across all operating systems that support networking, including Windows, Linux, and macOS.

Is IPv4 Header Structure Linux specific?

No, it’s not specific to Linux. While Linux offers more low-level access to headers (e.g., with tools like tcpdump or raw sockets), the IPv4 header is part of the standard networking stack on all systems.

Which Transport Protocol is used by IPv4 Header Structure?

IPv4 itself is not a transport protocol, but it supports transport protocols such as TCP, UDP, ICMP, etc. The header includes a “Protocol” field that identifies which transport layer protocol is being used.

Which Port is used by IPv4 Header Structure?

The IPv4 header does not contain port numbers. Ports belong to transport-layer protocols like TCP and UDP. The IPv4 header only helps route the packet to the correct host.

Is IPv4 Header Structure using client-server model?

The IPv4 header is used in all types of communication models — client-server, peer-to-peer, or multicast. It simply enables packet delivery between IP addresses, regardless of the application model.

What are the main fields in the IPv4 header?

The IPv4 header consists of several key fields: - Version: Specifies the IP version (IPv4). - IHL (Internet Header Length): Specifies the length of the header. - Type of Service (ToS): Specifies the desired quality of service. - Total Length: The length of the entire packet (header + data). - Identification: Identifies fragmented packets. - Flags: Indicates if a packet is fragmented. - Fragment Offset: Specifies the position of the fragment. - TTL (Time to Live): Limits the lifespan of a packet to prevent infinite loops. - Protocol: Specifies the transport layer protocol (TCP, UDP, ICMP, etc.). - Header Checksum: Validates the integrity of the header. - Source IP Address: The sender’s IP address. - Destination IP Address: The recipient’s IP address.

What is the maximum size of the IPv4 header?

The maximum size of the IPv4 header is 60 bytes, as the IHL field can specify a value between 5 (20 bytes) and 15 (60 bytes).

What is the significance of the TTL (Time to Live) field in the IPv4 header?

The TTL field limits the number of hops a packet can make across routers. Each router decreases the TTL by 1, and if the TTL reaches 0, the packet is discarded, preventing it from circulating indefinitely.

What is the purpose of the Header Checksum field in the IPv4 header?

The Header Checksum field is used for error-checking the integrity of the IPv4 header. It ensures that the header has not been corrupted during transmission.

What is the Fragment Offset field in the IPv4 header?

The Fragment Offset field specifies the position of a fragment in a larger packet. It is used when an IP packet is fragmented into smaller pieces to fit the Maximum Transmission Unit (MTU).

What is the role of the Identification field in the IPv4 header?

The Identification field is used to identify fragmented packets. When a packet is split into fragments, all fragments will have the same identification number, allowing the receiver to reassemble them.

What does the IHL (Internet Header Length) field represent?

The IHL field specifies the length of the IPv4 header in 32-bit words. It is used to calculate the start of the data portion of the packet.

Why is the Protocol field important in the IPv4 header?

The Protocol field specifies which higher-layer protocol (such as TCP, UDP, or ICMP) is being used in the data portion of the packet. This allows the receiving device to properly interpret the data.

What is the Total Length field in the IPv4 header?

The Total Length field indicates the total length of the entire packet, including both the header and the data portion. The maximum possible value is 65,535 bytes.

What is the significance of the Flags field in the IPv4 header?

The Flags field contains three bits that control fragmentation. The most significant bit is reserved, the second bit indicates whether the packet is fragmented, and the third bit indicates whether more fragments follow.

How does the Protocol field affect the processing of an IPv4 packet?

The Protocol field tells the receiver which protocol to use for processing the data portion of the packet. For example: - TCP (6) indicates a TCP segment. - UDP (17) indicates a UDP datagram. - ICMP (1) indicates an ICMP message.

What does the Source IP Address field represent in the IPv4 header?

The Source IP Address field contains the IP address of the device that originated the packet. It is used to return responses or for tracing the packet’s origin.

What does the Destination IP Address field represent in the IPv4 header?

The Destination IP Address field contains the IP address of the device that should receive the packet. This is the address to which the packet will be routed.

What is the difference between the IPv4 header and the transport layer header?

The IPv4 header contains information needed for routing and delivery at the network layer (Layer 3), while the transport layer header (TCP or UDP) contains details about communication between processes on different devices.

What is the purpose of the IHL field in the IPv4 header?

The IHL field specifies the length of the IPv4 header in 32-bit words. This helps determine where the data portion of the packet begins, which is essential for proper packet processing.

What is the difference between the “Flags” and “Fragment Offset” fields in the IPv4 header?

The Flags field indicates whether a packet is fragmented or if more fragments follow, while the Fragment Offset field specifies the position of the fragment in the original packet.

Why is the Header Checksum field required in the IPv4 header?

The Header Checksum is used to verify the integrity of the IPv4 header to detect errors introduced during transmission. If the checksum fails, the packet is discarded.

What is the purpose of the “Type of Service” (ToS) field in the IPv4 header?

The Type of Service field is used to specify the quality of service (QoS) for the packet. It is used for prioritization, allowing routers to give priority to critical or real-time traffic.

Topics in this section,

  • In this section, you are going to learn

  • Terminology

  • Version Info

Objective

Verify the structure and key fields of an IPv4 header by analyzing a captured network packet.

Test Setup

  • Laptop 1

    • Assign the IPv4 address 192.168.1.10/24 to the enp0s8 network interface.

    • Bring up the interface.

    test:~$ sudo ip addr add 192.168.1.10/24 dev enp0s8
test:~$ sudo ip link set enp0s8 up

  • Laptop 2

    • Assign the IPv4 address 192.168.1.20/24 to the enp0s8 network interface.

    • Bring up the interface.

    • Start a Wireshark capture on the network link.

    • Send a single ICMP packet to Laptop 1 to generate traffic.

    test:~$ sudo ip addr add 192.168.1.20/24 dev enp0s8
test:~$ sudo ip link set enp0s8 up
test:~$ ping 192.168.1.10 -c 1

Procedure and Analysis

  • Packet Examination

    • In Wireshark, select the ICMP Echo Request packet from Laptop 2 to Laptop 1.

    • Expand the “Internet Protocol Version 4” section in the packet details pane.

  • Header Validation

    • Version: The Version field must be 4, confirming it is an IPv4 packet.

    • Header Length: The Header Length field should be 20 bytes (5 words), indicating a standard IPv4 header without options.

    • Type of Service (TOS): Check if TOS/DSCP values are standard (often 0 for normal traffic).

    • Total Length: Should match the packet size seen in Wireshark.

    • Identification, Flags, Fragment Offset: Verify default values; fragmentation should not occur for small ICMP packets.

    • Time to Live (TTL): Typical default values are 64 (Linux/macOS) or 128 (Windows).

    • Protocol: Must be 1 for ICMP.

    • Source Address: 192.168.1.20.

    • Destination Address: 192.168.1.10.

    • Checksum: Ensure header checksum is valid (Wireshark usually flags errors if not).

    • Apply an ICMP filter in Wireshark for focused analysis.

Note

  • TTL of 64 is a common default for Linux; Windows uses 128.

  • Fragmentation fields should show zero unless the packet is fragmented.

  • DSCP/TOS may be used for QoS; default is usually 0.

  • IPv4 checksum ensures header integrity; errors indicate corruption or misconfiguration.

Wireshark Capture

Download wireshark capture

Note

  • Use the capture to inspect all IPv4 header fields.

  • Confirm that ICMP type=8 (Echo Request) and type=0 (Echo Reply) appear correctly.

  • This test helps understand how packet headers define addressing, routing, and protocol handling in IPv4.

Header Structure - Testcases

Header Structure - Test Cases

#

Test Case

Description

Expected Result

1

Valid IPv4 Header

All fields correctly set

Packet accepted

2

Invalid Version Field

Version ? 4

Packet dropped

3

Valid IHL Field

IHL = 5 (20 bytes)

Header accepted

4

Invalid IHL Field

IHL < 5

Packet dropped

5

Valid Total Length

Length ? header + data

Packet accepted

6

Invalid Total Length

Length < header size

Packet dropped

7

Valid Identification Field

Unique ID set

Used for fragmentation

8

Duplicate Identification Field

Same ID reused

May cause reassembly issues

9

Valid Flags Field

DF or MF set correctly

Fragmentation behavior respected

10

Invalid Flags Field

Reserved bit set

Packet dropped or logged

11

Valid Fragment Offset

Offset aligned to 8 bytes

Packet accepted

12

Invalid Fragment Offset

Misaligned offset

Packet dropped

13

Valid TTL Field

TTL > 0

Packet forwarded

14

TTL = 0

TTL expired

ICMP Time Exceeded sent

15

TTL Decrement

TTL decremented by each router

Packet dropped if TTL = 0

16

Valid Protocol Field

Protocol = TCP/UDP/ICMP

Packet processed accordingly

17

Unknown Protocol Field

Unsupported protocol

Packet dropped

18

Valid Header Checksum

Correct checksum

Packet accepted

19

Invalid Header Checksum

Corrupted checksum

Packet dropped

20

Header Checksum Recalculation

After TTL decrement

Checksum updated

21

Valid Source IP Address

Proper IPv4 address

Packet accepted

22

Invalid Source IP Address

0.0.0.0 or broadcast

Packet dropped

23

Valid Destination IP Address

Proper IPv4 address

Packet routed

24

Invalid Destination IP Address

255.255.255.255

Packet broadcasted

25

Valid Options Field

Options present, IHL > 5

Packet accepted

26

Invalid Options Field

Malformed options

Packet dropped

27

No Options Field

IHL = 5

Standard header

28

Padding Present

Padding added to align header

Packet accepted

29

Padding Missing

Misaligned header

Packet dropped

30

Header Length Mismatch

IHL ? actual header size

Packet dropped

31

Header with Timestamp Option

Timestamp option set

Router logs timestamp

32

Header with Record Route Option

Route recorded

Intermediate routers append IPs

33

Header with Source Route Option

Strict/loose source routing

Packet follows specified path

34

Header with Security Option

Security level set

Used in classified networks

35

Header with Router Alert Option

Routers inspect packet

Used for RSVP, IGMP

36

Header with End of Option List

Properly terminated options

Packet accepted

37

Header with No Operation Option

Padding between options

Packet accepted

38

Header with Invalid Option Code

Unknown option

Packet dropped or ignored

39

Header with Overlapping Options

Options overlap

Packet dropped

40

Header with Excessive Options

IHL > 15

Packet dropped

41

Header with Reserved Bits Set

Reserved bits ? 0

Packet dropped or logged

42

Header with All Fields Zero

Empty header

Packet dropped

43

Header with Max Total Length

65535 bytes

Packet accepted if supported

44

Header with Min Total Length

20 bytes

Header only, no data

45

Header with Fragmented Packet

MF set, offset > 0

Reassembly required

46

Header with Last Fragment

MF = 0, offset > 0

Final fragment

47

Header with First Fragment

MF = 1, offset = 0

First fragment

48

Header with Non-Fragmented Packet

MF = 0, offset = 0

Single packet

49

Header with DF Set and Large Packet

DF = 1, size > MTU

ICMP Fragmentation Needed sent

50

Header with DF Cleared and Large Packet

DF = 0, size > MTU

Packet fragmented

  • Reference links