IP was designed as a Layer 3 connectionless protocol. It provides the necessary functions to deliver a packet from a source host to a destination host over an interconnected system of networks. The protocol was not designed to track and manage the flow of packets. These functions, if required, are performed primarily by TCP at Layer 4.
IP makes no effort to validate whether the source IP address contained in a packet actually came from that source. For this reason, threat actors can send packets using a spoofed source IP address. In addition, threat actors can tamper with the other fields in the IP header to carry out their attacks. Therefore, it is important for security analysts to understand the different fields in both the IPv4 and IPv6 headers.
The IPv4 Packet Header
The fields in the IPv4 packet header are shown in the figure.
The figure shows five rows of words. Above the rows are four uniform sections labelled byte 1 byte 2 bytes 3 bytes 4.
Down the side of the rows, there is a line with arrows at both ends running from top to bottom labelled 20 bytes. The top row has 4 major blocks. The first block is labelled version and its size is half of byte 1.
The next block is the internet header length that takes the rest of byte 1. Byte 2 is taken up by differentiated services (DS) which are subdivided into D S C P and E C N. Bytes 3 and 4 have a block labelled total length. The second row has three sections: identification that runs across bytes 1 and 2, a flag that uses up three-quarters of byte 3, and fragment offset that takes the rest.
Row 3 has 3 major sections labelled time to live that takes up byte 1, a protocol that takes up byte 2, and a header checksum that takes bytes 3 and 4. Row 4 is labelled source IP address and runs across the 4 bytes. Row 5 is labelled destination IP address and runs across the 4 bytes.
IPv4 Packet Header
The table describes the IPv4 header fields.
| IPv4 Header Field | Description |
|---|---|
| Version |
|
| Internet Header length |
|
| Differentiated Services or DiffServ (DS) |
|
| Total length |
|
| Identification, Flag, and Fragment offset |
|
| Time-to-Live (TTL) |
|
| Protocol |
|
| Header checksum |
|
| Source IPv4 Address |
|
| Destination IPv4 Address |
|
| Options and Padding |
|
The IPv6 Packet Header
There are eight fields in the IPv6 packet header, as shown in the figure.
The figure shows four rows of words. Above the rows are four uniform sections labeled byte 1 byte 2 bytes 3 bytes 4. Down the side of the rows, there is a line with arrows at both ends running from top to bottom labelled 40 bytes. The top row has 4 major blocks.
The first block is labelled version and its size is half of byte 1. The next block is the traffic class that takes the rest of byte 1 and half of byte 2. The last block is labeled flow label that takes half of byte 2 and all of bytes 3 and 4. Byte 2 is taken up by differentiated services (DS) which are subdivided into D S C P and E C N.
Bytes 3 and 4 have a block labelled total length. The second row has three sections: payload length that runs across bytes 1 and 2, next header that uses byte 3, and hops limit that uses byte 4. The third row is labelled source IP address and runs across the 4 bytes. The fourth row is labelled destination IP address and runs across the 4 bytes.
IPv6 Packet Header
The table describes the IPv6 header fields.
| IPv6 Header Field | Description |
|---|---|
| Version |
|
| Traffic Class |
|
| Flow Label |
|
| Payload Length |
|
| Next Header |
|
| Hop Limit |
|
| Source IPv6 Address |
|
| Destination IPv6 Address |
|
An IPv6 packet may also contain extension headers (EH) that provide optional network layer information. Extension headers are optional and are placed between the IPv6 header and the payload. EHs are used for fragmentation, security, to support mobility, and more.
Unlike IPv4, routers do not fragment routed IPv6 packets.
Unlike IPv4, routers do not fragment routed IPv6 packets.
Fact Check Policy
CRMNIGERIA is committed to fact-checking in a fair, transparent and non-partisan manner. Therefore, if you’ve found an error in any of our reports, be it factual, editorial, or an outdated post, please contact us to tell us about it.
Action Point
PS: If you would like to have an online course on any of the courses that you found on this blog, I will be glad to do that on an individual and corporate level, I will be very glad to do that because I have trained several individuals and groups and they are doing well in their various fields of endeavour. Some of those that I have trained include staff of Dangote Refinery, FCMB, Zenith Bank, and New Horizons Nigeria among others. Please come on Whatsapp and let’s talk about your training. You can reach me on Whatsapp HERE. Please note that I will be using Microsoft Team to facilitate the training.
PS: If you would like to have an online course on any of the courses that you found on this blog, I will be glad to do that on an individual and corporate level, I will be very glad to do that because I have trained several individuals and groups and they are doing well in their various fields of endeavour. Some of those that I have trained include staff of Dangote Refinery, FCMB, Zenith Bank, and New Horizons Nigeria among others. Please come on Whatsapp and let’s talk about your training. You can reach me on Whatsapp HERE. Please note that I will be using Microsoft Team to facilitate the training.
I know you might agree with some of the points that I have raised in this article. You might not agree with some of the issues raised. Let me know your views about the topic discussed. We will appreciate it if you can drop your comment. Thanks in anticipation.
Fact Check Policy
CRMNIGERIA is committed to fact-checking in a fair, transparent and non-partisan manner. Therefore, if you’ve found an error in any of our reports, be it factual, editorial, or an outdated post, please contact us to tell us about it.
PEOPLE ALSO READ: Examining Transport Layer Characteristics In Networking
Powered by Inline Related Posts
|
Leave a Reply