Understanding IP PDU Details For IPV4 And IPV6

Understanding IP PDU Details For IPV4 And IPV6

IP was designed as a Layer 3 connectionless protocol. It provides the necessary functions to deliver a packet from a source host to a destination host over an interconnected system of networks. The protocol was not designed to track and manage the flow of packets. These functions, if required, are performed primarily by TCP at Layer 4.

IP makes no effort to validate whether the source IP address contained in a packet actually came from that source. For this reason, threat actors can send packets using a spoofed source IP address. In addition, threat actors can tamper with the other fields in the IP header to carry out their attacks. Therefore, it is important for security analysts to understand the different fields in both the IPv4 and IPv6 headers.

The IPv4 Packet Header

The fields in the IPv4 packet header are shown in the figure.
The figure shows five rows of words. Above the rows are four uniform sections labelled byte 1 byte 2 bytes 3 bytes 4.
Down the side of the rows, there is a line with arrows at both ends running from top to bottom labelled 20 bytes. The top row has 4 major blocks. The first block is labelled version and its size is half of byte 1.
The next block is the internet header length that takes the rest of byte 1. Byte 2 is taken up by differentiated services (DS) which are subdivided into D S C P and E C N. Bytes 3 and 4 have a block labelled total length. The second row has three sections: identification that runs across bytes 1 and 2, a flag that uses up three-quarters of byte 3, and fragment offset that takes the rest.
Row 3 has 3 major sections labelled time to live that takes up byte 1, a protocol that takes up byte 2, and a header checksum that takes bytes 3 and 4. Row 4 is labelled source IP address and runs across the 4 bytes. Row 5 is labelled destination IP address and runs across the 4 bytes.

IPv4 Packet Header

The table describes the IPv4 header fields.
IPv4 Header Field Description
Version
  • Contains a 4-bit binary value set to 0100 that identifies this as an IPv4 packet.
Internet Header length
  • A 4-bit field containing the length of the IP header.
  • The minimum length of an IP header is 20 bytes.
Differentiated Services or DiffServ (DS)
  • Formerly called the Type of Service (ToS) field, the DS field is an 8-bit field used to determine the priority of each packet.
  • The six most significant bits of the DiffServ field are the Differentiated Services Code Point (DSCP).
  • The last two bits are the Explicit Congestion Notification (ECN) bits.
Total length
  • Specifies the length of the IP packet including the IP header and the user data.
  • The total length field is 2 bytes, so the maximum size of an IP packet is 65,535 bytes however packets are much smaller in practice.
Identification, Flag, and Fragment offset
  • As an IP packet moves through the internet, it might need to cross a route that cannot handle the size of the packet.
  • The packet will be divided, or fragmented, into smaller packets and reassembled later.
  • These fields are used to fragment and reassemble packets.
Time-to-Live (TTL)
  • Contains an 8-bit binary value that is used to limit the lifetime of a packet.
  • The packet sender sets the initial TTL value, and it is decreased by one each time the packet is processed by a router.
  • If the TTL field decrements to zero, the router discards the packet and sends an Internet Control Message Protocol (ICMP) Time Exceeded message to the source IP address.
Protocol
  • Field is used to identify the next level protocol.
  • This 8-bit binary value indicates the data payload type that the packet is carrying, which enables the network layer to pass the data to the appropriate upper-layer protocol.
  • Common values include ICMP (1), TCP (6), and UDP (17).
Header checksum
  • A value that is calculated based on the contents of the IP header.
  • Used to determine if any errors have been introduced during transmission.
Source IPv4 Address
  • Contains a 32-bit binary value that represents the source IPv4 address of the packet.
  • The source IPv4 address is always a unicast address.
Destination IPv4 Address
  • Contains a 32-bit binary value that represents the destination IPv4 address of the packet.
Options and Padding
  • This is a field that varies in length from 0 to a multiple of 32 bits.
  • If the option values are not a multiple of 32 bits, 0s are added or padded to ensure that this field contains a multiple of 32 bits.
PEOPLE ALSO READ:  Understanding Security Policy Regulations And Standards

The IPv6 Packet Header

There are eight fields in the IPv6 packet header, as shown in the figure.
The figure shows four rows of words. Above the rows are four uniform sections labeled byte 1 byte 2 bytes 3 bytes 4. Down the side of the rows, there is a line with arrows at both ends running from top to bottom labelled 40 bytes. The top row has 4 major blocks.
The first block is labelled version and its size is half of byte 1. The next block is the traffic class that takes the rest of byte 1 and half of byte 2. The last block is labeled flow label that takes half of byte 2 and all of bytes 3 and 4. Byte 2 is taken up by differentiated services (DS) which are subdivided into D S C P and E C N.
Bytes 3 and 4 have a block labelled total length. The second row has three sections: payload length that runs across bytes 1 and 2, next header that uses byte 3, and hops limit that uses byte 4. The third row is labelled source IP address and runs across the 4 bytes. The fourth row is labelled destination IP address and runs across the 4 bytes.

IPv6 Packet Header

 

The table describes the IPv6 header fields.
IPv6 Header Field Description
Version
  • This field contains a 4-bit binary value set to 0110 that identifies this as an IPv6 packet.
Traffic Class
  • This 8-bit field is equivalent to the IPv4 Differentiated Services (DS) field.
Flow Label
  • This 20-bit field suggests that all packets with the same flow label receive the same type of handling by routers.
Payload Length
  • This 16-bit field indicates the length of the data portion or payload of the IPv6 packet.
Next Header
  • This 8-bit field is equivalent to the IPv4 Protocol field.
  • It indicates the data payload type that the packet is carrying, enabling the network layer to pass the data to the appropriate upper-layer protocol.
Hop Limit
  • This 8-bit field replaces the IPv4 TTL field.
  • This value is decremented by a value of 1 by each router that forwards the packet.
  • When the counter reaches 0, the packet is discarded, and an ICMPv6 Time Exceeded message is forwarded to the sending host, indicating that the packet did not reach its destination because the hop limit was exceeded.
Source IPv6 Address
  • This 128-bit field identifies the IPv6 address of the sending host.
Destination IPv6 Address
  • This 128-bit field identifies the IPv6 address of the receiving host.
PEOPLE ALSO READ:  Understanding CIA Triad In Cyber Security
An IPv6 packet may also contain extension headers (EH) that provide optional network layer information. Extension headers are optional and are placed between the IPv6 header and the payload. EHs are used for fragmentation, security, to support mobility, and more.
Unlike IPv4, routers do not fragment routed IPv6 packets.

 

truehost
telegram
CRMNuggets Whatsapp Channel
About Adeniyi Salau 1549 Articles
Adeniyi Salau is a highly dedicated and committed Blogger of repute. He likes sharing his IT knowledge with others. My desire is to impact as many lives as possible with my IT skills. You can download my mobile APP. Download the ICTLOAD APP on Google Playstore. Thanks.

Be the first to comment

Leave a Reply

Your email address will not be published.


*