Overview of IPv4 Header Format
IPV4 header format is of 20 to 60 bytes in length, contains information essential to routing and delivery, consist of 13 fields, VER, HLEN, service type, total length, identification, flags, fragmentation offset, time to live, protocol, header checksum, source IP address, Destination IP address and option + padding, where each has its own features and provides essential data required to transmit the data.
An IPv4 packet header has a total of 14 fields; among these 14 fields, only one is optional, which is aptly known as the options component.
IPv4 Header Format Component
Below is the list mentioned.
- Version.
- Internet Header Length.
- Type of Service.
- Explicit Congestion Notification.
- Total Length.
- Identification.
- Flags.
- Fragment Offset
- Time to live.
- Protocol.
- A checksum of header.
- Source Address.
- Destination Address.
- Options.
Let’s take a look at these components, their sizes and what they can do:
- Version: The first header field is a 4-bit version indicator. In the case of IPv4, the value of its four bits is set to 0100, which indicates 4 in binary.
- Internet Header Length: IHL is the 2nd field of an IPv4 header, and it is of 4 bits in size. This header component is used to show how many 32-bit words are present in the header. As we know, IPv4 headers have a variable size, so this is used to specify the size of the header to avoid any errors. This size can be between 20 bytes to 60 bytes.
- Type of Service: ToS is also called Differentiated Services Code Point or DSCP. This field is used to provide features related to service quality, such as for data streaming or Voice over IP (VoIP) calls. It is used to specific how a datagram will be handled.
- Explicit Congestion Notification: ECN is used to send notifications to the sender or receive in situations where network congestion happens. This is an optional feature of IPv4 can; if one of the endpoints don’t support it, it is not used.
- Total Length: This field’s size is 16 bit, and it is used to denote the size of the entire datagram. The minimum size of an IP datagram is 20 bytes, and at the maximum, it can be 65,535 bytes. Practically, all hosts are required to be able to read 576-byte datagrams. If a datagram is too large for the hosts in the network, fragmentation is used, which is handled in the host or packet switch.
- Identification: The identification or ID field in a packet can identify an IP datagram’s fragments uniquely. Some have suggested using this field for other things such as adding information for packet tracing etc.
- Flags: flag in an IPv4 header is a three-bit field that is used to control and identify fragments. The following can be their possible configuration:
- Bit 0: this is reserved and has to be set to zero
- Bit 1: DF or do not fragment
- Bit 2: MF or more fragments.
- Fragment Offset: This field is 13 bit long in length, and it is measured by blocks that units of 8-byte blocks. These are used to specify the offset of a fragment relative to the start of the IP datagram, which when it was not fragmented. As you can expect, the first offset of a fragment is always set to zero. The maximum possible offset is ( 213-1 ) * 8 = 65528, but it is more than the maximum possible IP Packet length, which is 65,535 bytes long with the length of a header added in.
- Time to live: Time to live (or TTL in short) is an 8-bit field to indicate the maximum time the datagram will be live in the internet system. The time here is measured in seconds, and in case the value of TTL is zero, the datagram is erased. Every time a datagram is processed, it’s Time to live is decreased by one second. These are used so that datagrams that are not delivered are discarded automatically. TTL can be between 0 – 255.
- Protocol: This is a filed in the IPv4 header reserved to denote which protocol is used in the later (data) portion of the datagram. For Example, number 6 is used to denote TCP and 17 is used to denote UDP protocol.
- The header’s checksum: The checksum field is of 16-bit length, and it is used to check the header for any errors. The header is compared to the value of its checksum at each hop, and in case the header checksum is not matching, the packet is discarded. Keep in mind that this is only for the header, and its protocol handles the data field. UDP and TCP, for example, have their own checksum fields.
- Source Address: It is a 32-bit address of the source of the IPv4 packet.
- Destination Address: the destination address is also 32 bit in size, and it contains the receiver’s address.
- Options: This is an optional field of the IPv4 header. It is used only when the value of IHL is set to more than 5. These options contain values and settings for things related to security. Record route and time stamp etc. You will find that the list of options component ends with an End of Options or EOL in many cases.
Conclusion
IP headers are one of the crucial components of the protocol. Being able to tell the network about the datagram, its source, and its destination is important, and so is the ability to detect any errors in the header to avoid using corrupted packets. Considering that almost all of the modern internet relies on IPv4 and IPv6, these headers are used in almost all of the HTTP internet traffic.
Recommended Articles
This has been a guide to IPv4 Header Format. Here we discussed Introduction to IPv4 Header Format, its components with their sizes and what they are used for. You can also go through our other suggested articles to learn more –
Header : IPv4
Version
This field (4 bits) indicates IP version. It is always 4 in IPv4 header.
DSCP (Differentiated Services Code Point)
This field (6 bits) used to be called ToS('Type of Service') and now renamed to DSCP. Refer to rfc2475 for the details.
ECN(Explicit Congestion Notification)
This field (2 bits) is used for end to end notification of Network Congestion. It has following meaning
- 00 � Non ECN-Capable Transport, Non-ECT
- 10 � ECN Capable Transport, ECT(0)
- 01 � ECN Capable Transport, ECT(1)
- 11 � Congestion Encountered, CE.
Internet Header Length (IHL)
This field (4 bit) indicates the length of the IP header and the unit is 4 bytes (32 bits). So, if the value of this field is 5, it means the length of IP header is 20 bytes (= 5 x 4 bytes).
Total Length
This field (16 bits) indicates the total length of the IP packet (Length of IP header + Length of payload) in bytes. The minimum value is 20 bytes since the minimum IPv4 header length is 20 bytes.
The length of field is 16 bits. This means the max length of one IP packet is 2^16 Bytes (65535 bytes) including the header. the minimum length of one IP packet is 20 bytes which is the case in which there is only IP header and No payload.
Identification
This field (16 bits) is used to uniquely identify a group of fragments that belongs to the same IP diagram.
Flags
This field (3 bits) is used to control and indentify the fragments. The meaning of each bit is as follows.
- bit 0: Reserved; must be zero.
- bit 1: Don't Fragment (DF)
- bit 2: More Fragments (MF)
For unfragmented packets, the MF flag is set to be 0.
For fragmented packets, bit 0 set to be 0, bit 1 is set to be 0 and bit 2 is set to be 1 (However, in case of the last fragment of the fragmented packets all bits are set to be 0)
Fragment Offset
This field (13 bits) indicates the position of a fragemented packets from the biginning of the original packet. The unit is the multiples of 8 bytes. For example, if the value is 1, it menas the fragment offest is 8 bytes . if the value is 10, it means the fragment offset is 80 bytes. The value for unfragmented packet or the first fragment of the fragmented packet is set to be 0.
Time to Live
This field (8 bits) indicates how long the packet can survive in the network. Even though the unit is in seconds, it is practically interpreted as the number of hops it can go through. When the datagram arrives at a router, the router decrements the TTL field by one. When the TTL field hits zero, the router discards the packet and typically sends an ICMP Time Exceeded message to the sender. In this way, we can avoid the situation in which a packet goes round and round within the network without reaching the final destination.
Protocol
This field (8 bits) indicates the protocol of the payload part and can be specified by one of the following values.
Decimal | Hex | Keyword | Protocol |
0 | 0x00 | HOPOPT | IPv6 Hop-by-Hop Option |
1 | 0x01 | ICMP | Internet Control Message Protocol |
2 | 0x02 | IGMP | Internet Group Management Protocol |
3 | 0x03 | GGP | Gateway-to-Gateway Protocol |
4 | 0x04 | IP-in-IP | IP in IP (encapsulation) |
5 | 0x05 | ST | Internet Stream Protocol |
6 | 0x06 | TCP | Transmission Control Protocol |
7 | 0x07 | CBT | Core-based trees |
8 | 0x08 | EGP | Exterior Gateway Protocol |
9 | 0x09 | IGP | Interior Gateway Protocol (any private interior gateway (used by Cisco for their IGRP)) |
10 | 0x0A | BBN-RCC-MON | BBN RCC Monitoring |
11 | 0x0B | NVP-II | Network Voice Protocol |
12 | 0x0C | PUP | Xerox PUP |
13 | 0x0D | ARGUS | ARGUS |
14 | 0x0E | EMCON | EMCON |
15 | 0x0F | XNET | Cross Net Debugger |
16 | 0x10 | CHAOS | Chaos |
17 | 0x11 | UDP | User Datagram Protocol |
18 | 0x12 | MUX | Multiplexing |
19 | 0x13 | DCN-MEAS | DCN Measurement Subsystems |
20 | 0x14 | HMP | Host Monitoring Protocol |
21 | 0x15 | PRM | Packet Radio Measurement |
22 | 0x16 | XNS-IDP | XEROX NS IDP |
23 | 0x17 | TRUNK-1 | Trunk-1 |
24 | 0x18 | TRUNK-2 | Trunk-2 |
25 | 0x19 | LEAF-1 | Leaf-1 |
26 | 0x1A | LEAF-2 | Leaf-2 |
27 | 0x1B | RDP | Reliable Datagram Protocol |
28 | 0x1C | IRTP | Internet Reliable Transaction Protocol |
29 | 0x1D | ISO-TP4 | ISO Transport Protocol Class 4 |
30 | 0x1E | NETBLT | Bulk Data Transfer Protocol |
31 | 0x1F | MFE-NSP | MFE Network Services Protocol |
32 | 0x20 | MERIT-INP | MERIT Internodal Protocol |
33 | 0x21 | DCCP | Datagram Congestion Control Protocol |
34 | 0x22 | 3PC | Third Party Connect Protocol |
35 | 0x23 | IDPR | Inter-Domain Policy Routing Protocol |
36 | 0x24 | XTP | Xpress Transport Protocol |
37 | 0x25 | DDP | Datagram Delivery Protocol |
38 | 0x26 | IDPR-CMTP | IDPR Control Message Transport Protocol |
39 | 0x27 | TP++ | TP++ Transport Protocol |
40 | 0x28 | IL | IL Transport Protocol |
41 | 0x29 | IPv6 | IPv6 Encapsulation |
42 | 0x2A | SDRP | Source Demand Routing Protocol |
43 | 0x2B | IPv6-Route | Routing Header for IPv6 |
44 | 0x2C | IPv6-Frag | Fragment Header for IPv6 |
45 | 0x2D | IDRP | Inter-Domain Routing Protocol |
46 | 0x2E | RSVP | Resource Reservation Protocol |
47 | 0x2F | GRE | Generic Routing Encapsulation |
48 | 0x30 | MHRP | Mobile Host Routing Protocol |
49 | 0x31 | BNA | BNA |
50 | 0x32 | ESP | Encapsulating Security Payload |
51 | 0x33 | AH | Authentication Header |
52 | 0x34 | I-NLSP | Integrated Net Layer Security Protocol |
53 | 0x35 | SWIPE | SwIPe |
54 | 0x36 | NARP | NBMA Address Resolution Protocol |
55 | 0x37 | MOBILE | IP Mobility (Min Encap) |
56 | 0x38 | TLSP | Transport Layer Security Protocol (using Kryptonet key management) |
57 | 0x39 | SKIP | Simple Key-Management for Internet Protocol |
58 | 0x3A | IPv6-ICMP | ICMP for IPv6 |
59 | 0x3B | IPv6-NoNxt | No Next Header for IPv6 |
60 | 0x3C | IPv6-Opts | Destination Options for IPv6 |
61 | 0x3D | Any host internal protocol | |
62 | 0x3E | CFTP | CFTP |
63 | 0x3F | Any local network | |
64 | 0x40 | SAT-EXPAK | SATNET and Backroom EXPAK |
65 | 0x41 | KRYPTOLAN | Kryptolan |
66 | 0x42 | RVD | MIT Remote Virtual Disk Protocol |
67 | 0x43 | IPPC | Internet Pluribus Packet Core |
68 | 0x44 | Any distributed file system | |
69 | 0x45 | SAT-MON | SATNET Monitoring |
70 | 0x46 | VISA | VISA Protocol |
71 | 0x47 | IPCU | Internet Packet Core Utility |
72 | 0x48 | CPNX | Computer Protocol Network Executive |
73 | 0x49 | CPHB | Computer Protocol Heart Beat |
74 | 0x4A | WSN | Wang Span Network |
75 | 0x4B | PVP | Packet Video Protocol |
76 | 0x4C | BR-SAT-MON | Backroom SATNET Monitoring |
77 | 0x4D | SUN-ND | SUN ND PROTOCOL-Temporary |
78 | 0x4E | WB-MON | WIDEBAND Monitoring |
79 | 0x4F | WB-EXPAK | WIDEBAND EXPAK |
80 | 0x50 | ISO-IP | International Organization for Standardization Internet Protocol |
81 | 0x51 | VMTP | Versatile Message Transaction Protocol |
82 | 0x52 | SECURE-VMTP | Secure Versatile Message Transaction Protocol |
83 | 0x53 | VINES | VINES |
84 | 0x54 | TTP | TTP |
84 | 0x54 | IPTM | Internet Protocol Traffic Manager |
85 | 0x55 | NSFNET-IGP | NSFNET-IGP |
86 | 0x56 | DGP | Dissimilar Gateway Protocol |
87 | 0x57 | TCF | TCF |
88 | 0x58 | EIGRP | EIGRP |
89 | 0x59 | OSPF | Open Shortest Path First |
90 | 0x5A | Sprite-RPC | Sprite RPC Protocol |
91 | 0x5B | LARP | Locus Address Resolution Protocol |
92 | 0x5C | MTP | Multicast Transport Protocol |
93 | 0x5D | AX.25 | AX.25 |
94 | 0x5E | IPIP | IP-within-IP Encapsulation Protocol |
95 | 0x5F | MICP | Mobile Internetworking Control Protocol |
96 | 0x60 | SCC-SP | Semaphore Communications Sec. Pro |
97 | 0x61 | ETHERIP | Ethernet-within-IP Encapsulation |
98 | 0x62 | ENCAP | Encapsulation Header |
99 | 0x63 | Any private encryption scheme | |
100 | 0x64 | GMTP | GMTP |
101 | 0x65 | IFMP | Ipsilon Flow Management Protocol |
102 | 0x66 | PNNI | PNNI over IP |
103 | 0x67 | PIM | Protocol Independent Multicast |
104 | 0x68 | ARIS | IBM's ARIS (Aggregate Route IP Switching) Protocol |
105 | 0x69 | SCPS | SCPS (Space Communications Protocol Standards) |
106 | 0x6A | QNX | QNX |
107 | 0x6B | A/N | Active Networks |
108 | 0x6C | IPComp | IP Payload Compression Protocol |
109 | 0x6D | SNP | Sitara Networks Protocol |
110 | 0x6E | Compaq-Peer | Compaq Peer Protocol |
111 | 0x6F | IPX-in-IP | IPX in IP |
112 | 0x70 | VRRP | Virtual Router Redundancy Protocol, Common Address Redundancy Protocol (not IANA assigned) |
113 | 0x71 | PGM | PGM Reliable Transport Protocol |
114 | 0x72 | Any 0-hop protocol | |
115 | 0x73 | L2TP | Layer Two Tunneling Protocol Version 3 |
116 | 0x74 | DDX | D-II Data Exchange (DDX) |
117 | 0x75 | IATP | Interactive Agent Transfer Protocol |
118 | 0x76 | STP | Schedule Transfer Protocol |
119 | 0x77 | SRP | SpectraLink Radio Protocol |
120 | 0x78 | UTI | Universal Transport Interface Protocol |
121 | 0x79 | SMP | Simple Message Protocol |
122 | 0x7A | SM | Simple Multicast Protocol |
123 | 0x7B | PTP | Performance Transparency Protocol |
124 | 0x7C | IS-IS over IPv4 | Intermediate System to Intermediate System (IS-IS) Protocol over IPv4 |
125 | 0x7D | FIRE | Flexible Intra-AS Routing Environment |
126 | 0x7E | CRTP | Combat Radio Transport Protocol |
127 | 0x7F | CRUDP | Combat Radio User Datagram |
128 | 0x80 | SSCOPMCE | Service-Specific Connection-Oriented Protocol in a Multilink and Connectionless Environment |
129 | 0x81 | IPLT | |
130 | 0x82 | SPS | Secure Packet Shield |
131 | 0x83 | PIPE | Private IP Encapsulation within IP |
132 | 0x84 | SCTP | Stream Control Transmission Protocol |
133 | 0x85 | FC | Fibre Channel |
134 | 0x86 | RSVP-E2E-IGNORE | Reservation Protocol (RSVP) End-to-End Ignore |
135 | 0x87 | Mobility Header | Mobility Extension Header for IPv6 |
136 | 0x88 | UDPLite | Lightweight User Datagram Protocol |
137 | 0x89 | MPLS-in-IP | Multiprotocol Label Switching Encapsulated in IP |
138 | 0x8A | manet | MANET Protocols |
139 | 0x8B | HIP | Host Identity Protocol |
140 | 0x8C | Shim6 | Site Multihoming by IPv6 Intermediation |
141 | 0x8D | WESP | Wrapped Encapsulating Security Payload |
142 | 0x8E | ROHC | Robust Header Compression |
143-252 | 0x8F-0xFC | UNASSIGNED | |
253-254 | 0xFD-0xFE | Use for experimentation and testing | |
255 | 0xFF | Reserved. |
Header Checksum
This field (16 bits) carries the checksum value of the header. It may be confusing.. because Header Checksum field is also a part of the header. So you may ask 'does checksum calculation includes HeadChecksum field or not ?'. The answer is 'Yes, the HeadChecksum field is also used in the checksum calculation, but the value is always assumed to be all zero.
Source Address / Destination Address
Both Source address and Destination Address takes 32 bits for each. These address are represted as follow format.
W.X.Y.Z
W, X, Y, Z can be any number between 0 and 255, but depending on various purpose/class these number can take a specific range of values as below. (You can figure out the IP set to your PC using ipconfig command (in windows) or ifconfig (in Linux) and you can figure out the ip for a specific site using nslookup).
Followings are IP addresses that are reserved for private networks.
Name | Address range | Number of addresses | Classful description | Largest CIDR block |
24-bit block | 10.0.0.0�10.255.255.255 | 16,777,216 | Single Class A | 10.0.0.0/8 |
20-bit block | 172.16.0.0�172.31.255.255 | 1,048,576 | Contiguous range of 16 Class B blocks | 172.16.0.0/12 |
16-bit block | 192.168.0.0�192.168.255.255 | 65,536 | Contiguous range of 256 Class C blocks | 192.168.0.0/16 |
Followings are some of the IP addresses that are reserved for special purpose.
Range | Description |
0.0.0.0/8 | Current network (only valid as source address) |
10.0.0.0/8 | Private network |
100.64.0.0/10 | Shared Address Space |
127.0.0.0/8 | Loopback |
169.254.0.0/16 | Link-local |
172.16.0.0/12 | Private network |
192.0.0.0/24 | IETF Protocol Assignments |
192.0.2.0/24 | TEST-NET-1, documentation and examples |
192.88.99.0/24 | IPv6 to IPv4 relay |
192.168.0.0/16 | Private network |
198.18.0.0/15 | Network benchmark tests |
198.51.100.0/24 | TEST-NET-2, documentation and examples |
203.0.113.0/24 | TEST-NET-3, documentation and examples |
224.0.0.0/4 | IP multicast (former Class D network) |
240.0.0.0/4 | Reserved (former Class E network) |
255.255.255.255 | Broadcast |
Example 01 > ===========================================================
Internet Protocol Version 4, Src: 1.1.1.100 (1.1.1.100), Dst: 1.1.1.1 (1.1.1.1)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 32
Identification: 0x0a76 (2678)
Flags: 0x00
0... .... = Reserved bit: Not set
.0.. .... = Don't fragment: Not set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 128
Protocol: Unknown (253)
Header checksum: 0x2b05 [correct]
[Good: True]
Following is the HEX string and Binary String for the IP header decoded above, try decode each field on your own and compare your decoding with the wireshark decode shown above. You can get the C language example of IPv4 decoding if you are interested.
HEX : 45 00 00 20 0a 76 00 00 80 fd 2b 05 01 01 01 64 01 01 01 01
BIN :
01000101 00000000 00000000 00100000
00001010 01110110 00000000 00000000
10000000 11111101 00101011 00000101
00000001 00000001 00000001 01100100
00000001 00000001 00000001 00000001