Internet Protocol (IP) essentially is the Internet layer. The other protocols found here merely exist
to support it. IP holds the big picture and could be said to “see all,” in that it’s aware of all the interconnected networks. It can do this because all the machines on the network have a software, or logical, address called an IP address. IP looks at each packet’s address. Then, using a routing table, it decides where a packet is
to be sent next, choosing the best path. The protocols of the Network Access layer at the bottom of the DoD model don’t possess IP’s enlightened scope of the entire network; they deal
only with physical links (local networks).
Identifying devices on networks requires answering these two questions: Which network is
it on? And what is its ID on that network? The first answer is the software address, or logical
address (the correct street). The second answer is the hardware address (the correct mailbox).
All hosts on a network have a logical ID called an IP address. This is the software, or logical,
address and contains valuable encoded information, greatly simplifying the complex task of
routing. IP receives segments from the Host-to-Host layer and fragments them into datagrams
(packets) if necessary. IP then reassembles datagrams back into segments on the receiving
side. Each datagram is assigned the IP address of the sender and of the recipient. Each router
(layer 3 device) that receives a datagram makes routing decisions based on the packet’s destination IP address.
IP header
The following fields make up the IP header:
Version IP version number.
Header length Header length (HLEN) in 32-bit words.
Priority and Type of Service Type of Service tells how the datagram should be handled. The
first 3 bits are the priority bits.
Total length Length of the packet including header and data.
Identification Unique IP-packet value.
Flags Specifies whether fragmentation should occur.
Fragment offset Provides fragmentation and reassembly if the packet is too large to put in a
frame. It also allows different maximum transmission units (MTUs) on the Internet.
Time to Live The time to live is set into a packet when it is originally generated. If it doesn’t
get to where it wants to go before the TTL expires, boom—it’s gone. This stops IP packets
from continuously circling the network looking for a home.
Protocol Port of upper-layer protocol (TCP is port 6 or UDP is port 17 [hex]). Also supports
Network layer protocols, like ARP and ICMP. Can be called Type field in some analyzers.
Header checksum Cyclic redundancy check (CRC) on header only.
Source IP address 32-bit IP address of sending station.
Destination IP address 32-bit IP address of the station this packet is destined for.
Options Used for network testing, debugging, security, and more.
Data After the IP option field will be the upper-layer data.
Here’s a snapshot of an IP packet caught on a network analyzer (notice that all the header
information discussed previously appears here):
IP Header - Internet Protocol Datagram
Version: 4
Header Length: 5
Precedence: 0
Type of Service: 0
Unused:
Total Length: 187
Identifier: 22486
Fragmentation Flags: %010 Do Not Fragment
Fragment
Offset: 0
Time To Live: 60
IP Type: 0x06 TCP
Header Checksum: 0xd031
Source IP Address: 10.7.1.30
Dest. IP Address: 10.7.1.10
No Internet Datagram Options
The Type field—it’s typically a Protocol field, but this analyzer sees it as an IP Type field—
is important. If the header didn’t carry the protocol information for the next layer, IP wouldn’t
know what to do with the data carried in the packet. The preceding example tells IP to hand
the segment to TCP.
0 Comments