1. OUTLINE
Introduction
IPv4 header
calculation of header length
TCP flags
ICMP
TTL
TTL value for windows and linux
how to change ttl value for windows
2. WHAT IS A PROTOCOL?
A standard that allows entities (i.e. application programs)
from different systems to communicate
4. IPV4
Internet Protocol version 4 (IPv4) is the fourth version in the development of the Internet
Protocol (IP) and the first version of the protocol to be widely deployed.
The IPv4 protocol works at the network layer of the OSI model and at the Internet layer of the
TCP/IP model.
It defines IP addresses in a 32-bit format, which looks like 123.123.123.123.
The total number of IPv4 addresses available is 4,294,967,296 (256 x 256 x 256 x 256 or 2^32).
6. IPV4 HEADER
• Version (4 bits)
• Internet header length (4 bits)
• Service (8 bits)
• Total Length (16 bits)
• Identification (16 bits)
• Flags (3 bits)
• Fragment Offset (13 bits)
• Time to Live (8 bits)
• Protocol (8 bits)
• Header Checksum (16 bits)
• Source Address (32 bits)
• Destination Address (32 bits)
• Options (variable)
7. IPV4 HEADER
• Version (4 bits)
This is the first field in the protocol header. This field occupies 4
bits. This signifies the current IP protocol version being used.
Fig- Ipv4
8. IPV4 HEADER
• Internet header length (4 bits)
This 4-bit field defines the total length of the datagram header in 4-byte
words.
This field is needed because the length of the header is variable
(between 20 and 60 bytes).
9. IPV4 HEADER
• Services
IETF has changed the interpretation and name of this 8-bit field.
This field, previously called service type, is now called differentiated
services.
In this interpretation, the first 3 bits are called precedence bits.
The next 4 bits are called type of service (TOS) bits, and the last bit is
not used.
10. IPV4 HEADER
• The precedence defines the priority of the datagram in issues such as
congestion.
• If a router is congested and needs to discard some datagrams, those
datagrams with lowest precedence are discarded first.
• TOS bits is a 4-bit subfield with each bit having a special meaning.
13. IPV4 HEADER
• Total Length (16 bits)
• This is a 16-bit field that defines the total length (header plus data) of the IPv4
datagram in bytes.
• This 16-bit field defines the entire packet size, including header and data, in bytes.
The minimum-length packet is 20 bytes (20-byte header + 0 bytes data) and the
maximum is 65,535 bytes.
14. IPV4 HEADER
• Identification (16 bits)
This field is an identification field and is primarily used for uniquely identifying the group of
fragments of a single IP datagram
• Flags (3 bits)
A three-bit field follows and is used to control or identify fragments
• bit 0: Reserved; must be zero.
• bit 1: Don't Fragment (DF)
• bit 2: More Fragments (MF)
15. IPV4 HEADER
• Fragment Offset (13 bits)
• This 13-bit field indicates the position of a particular fragment's data
in relation to the first byte of data (offset 0).
• Because it is entirely possible that the fragments that comprise a block
of data might travel along different paths to the destination, it is
possible they might arrive out of sequence.
17. 1. Create First Fragment: The first fragment is created by taking the first 3,300 bytes of the
12,000-byte IP datagram. This includes the original header, which becomes the IP header of the
first fragment (with certain fields changed as described below). So, 3,280 bytes of data are in the
first fragment. This leaves 8,700 bytes to encapsulate (11,980 minus 3,280).
2. Create Second Fragment: The next 3,280 bytes of data are taken from the 8,700 bytes that
remain after the first fragment was built, and paired with a new header to create fragment #2. This
leaves 5,420 bytes.
3. Create Third Fragment: The third fragment is created from the next 3,280 bytes of data, with a
20-byte header. This leaves 2,140 bytes of data.
4. Create Fourth Fragment: The remaining 2,140 bytes are placed into the fourth fragment, with a
20-byte header of course.
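The four steps above, worked as an added example (not part of the original slides): the code splits the 12,000-byte datagram for a 3,300-byte MTU, fills in the Fragment Offset (counted in 8-byte units) and MF flag for each fragment, and reassembles fragments that arrive out of order. The function names and dictionary keys are hypothetical.

```python
def fragment(total_len: int, mtu: int, header_len: int = 20) -> list[dict]:
    """Split a datagram of total_len bytes (header included) for a link MTU."""
    data_len = total_len - header_len
    # Every fragment except the last must carry a multiple of 8 data bytes,
    # because the 13-bit Fragment Offset field counts 8-byte units.
    per_frag = (mtu - header_len) // 8 * 8
    if per_frag <= 0:
        raise ValueError("MTU too small to carry any data")
    frags, sent = [], 0
    while sent < data_len:
        size = min(per_frag, data_len - sent)
        frags.append({
            "offset_field": sent // 8,          # value placed in the header
            "data_len": size,
            "total_len": size + header_len,     # each fragment has its own header
            "mf": sent + size < data_len,       # More Fragments: clear on the last
        })
        sent += size
    return frags


def reassemble(frags: list[dict]) -> int:
    """Order fragments by offset and return the reassembled data length.

    Raises ValueError on a gap or overlap between fragments, or when the
    final fragment (MF clear) has not arrived.
    """
    ordered = sorted(frags, key=lambda f: f["offset_field"])
    expected = 0
    for f in ordered:
        start = f["offset_field"] * 8
        if start != expected:
            raise ValueError(f"gap or overlap at byte {start}, expected {expected}")
        expected = start + f["data_len"]
    if not ordered or ordered[-1]["mf"]:
        raise ValueError("final fragment (MF=0) not received")
    return expected


if __name__ == "__main__":
    for f in fragment(12000, 3300):
        print(f)
```
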
19. IPV4 HEADER
• TTL (Time To Live)
To avoid looping in the network, every packet is sent with some TTL value set, which tells the network
how many routers (hops) this packet can cross. At each hop, its value is decremented by one and when
the value reaches zero, the packet is discarded.
20. IPV4 HEADER
Source address.
This 32-bit field defines the IPv4 address of the source.
Destination address
This 32-bit field defines the IPv4 address of the destination.
Header Checksum (16 bits)
This field holds the checksum of the entire header, which is then used to check whether the
packet was received error-free.
21. IP HEADER LENGTH
• The length of the header is represented in 32 bit words.
• The Internet Protocol (IP) is defined in RFC 791. The RFC specifies
the format of the IP header. In the header there is the IHL (Internet
Header Length) field which is 4 bits long and specifies the header
length in 32 bit words. The IHL field can hold values from 0 (Binary
0000) to 15 (Binary 1111).
22. IP HEADER LENGTH
• So the longest Internet Header (IP header) size can be 15*32 Bits =
480 Bits = 60 Bytes.
• This is why the header has a maximum size of 60 Bytes
• The shortest header size is 20 bytes, where the IHL field has the value
5 (0101). This is because all the required fields in the header need 20
Bytes of space.
23. ICMP REPLIES
• ICMP (Internet Control Message Protocol) is an error-reporting
protocol network devices like routers use to generate error messages
to the source IP address when network problems prevent delivery of
IP packets.
• The ICMP header appears after the IPv4 or IPv6 packet header and is
identified as IP protocol number 1 (one).
25. ICMP TYPES
TYPE 0 & 8 - Echo Reply & Echo Request
This is the ICMP message most used to test IP connectivity, commonly known as PING. The
Echo Request ICMP will have a Type field of 8 and a Code field of 0. Echo Replies
have a Type field of 0 and a Code field of 0.
27. ICMP TYPES
TYPE 3 - Destination Unreachable
When a packet is undeliverable, a Destination Unreachable (Type 3) ICMP message is generated. Type 3
messages can have a Code value of 0 to 15:
Value  Description
-----  -----------
0      Network Unreachable
1      Host Unreachable
2      Protocol Unreachable
3      Port Unreachable
4      Fragmentation needed and DF (Don't Fragment) set
5      Source route failed
6      Destination Network unknown
7      Destination Host unknown
8      Source Host isolated
9      Communication with Destination Network Administratively Prohibited
10     Communication with Destination Host Administratively Prohibited
11     Network Unreachable for Type Of Service
12     Host Unreachable for Type Of Service
13     Communication Administratively Prohibited by Filtering
14     Host Precedence Violation
15     Precedence Cut-off in Effect
28. ICMP TYPES
TYPE 5 - Redirect Message
Redirect requests data packets be sent on an alternative route. ICMP Redirect is a
mechanism for routers to convey routing information to hosts. The message informs
a host to update its routing information (to send packets on an alternative route).
Code
Value  Description
-----  -----------
0      Redirect datagrams for the Network
1      Redirect datagrams for the Host
2      Redirect datagrams for the Type of Service and Network
3      Redirect datagrams for the Type of Service and Host
29. TCP FLAGS
URG (1 bit) – indicates that the Urgent pointer field is significant
ACK (1 bit) – indicates that the Acknowledgment field is significant. All packets after the initial SYN
packet sent by the client should have this flag set.
PSH (1 bit) – Push function. Asks to push the buffered data to the receiving application.
RST (1 bit) – Reset the connection
SYN (1 bit) – Synchronize sequence numbers. Only the first packet sent from each end should have this
flag set. Some other flags and fields change meaning based on this flag, and some are only valid for when
it is set, and others when it is clear.
FIN (1 bit) – No more data from sender
30. TCP FLAGS
NS (1 bit) – ECN-nonce concealment protection (experimental: see RFC 3540).
CWR (1 bit) – Congestion Window Reduced (CWR) flag is set by
the sending host to indicate that it received a TCP segment with
the ECE flag set and had responded in congestion control
mechanism (added to header by RFC 3168).
ECE (1 bit) – ECN-Echo has a dual role, depending on the value
of the SYN flag. It indicates:
If the SYN flag is set (1), that the TCP peer is ECN capable.
If the SYN flag is clear (0), that a packet with Congestion
31. TTL
To avoid looping in the network, every packet is sent with some TTL value set, which tells the network
how many routers (hops) this packet can cross. At each hop, its value is decremented by one and when the
value reaches zero, the packet is discarded.
Default TTL value
Windows - 128
Linux - 64
32. TTL
Option      Use
-n Count    Determines the number of echo requests to send. The default is 4 requests.
-w Timeout  Enables you to adjust the time-out (in milliseconds). The default is 1,000 (a 1-second time-out).
-l Size     Enables you to adjust the size of the ping packet. The default size is 32 bytes.
-f          Sets the Do Not Fragment bit on the ping packet. By default, the ping packet allows fragmentation.
33. C:\>ping -n 2 -l 1450 131.107.8.1
Pinging 131.107.8.1 with 1450 bytes of data:
Reply from 131.107.8.1: bytes=1450 time<10ms TTL=32
Reply from 131.107.8.1: bytes=1450 time<10ms TTL=32
Ping statistics for 131.107.8.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate roundtrip times in milliseconds:
Minimum = 0ms, Maximum = 10ms, Average = 2ms
34. TTL
How to change the TTL value for Windows?
In the HKEY_LOCAL_MACHINE subtree, go to the following key:
SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
In the right pane, add the following value:
Name: DefaultTTL
Type: REG_DWORD
Valid Range: 1-255
Then restart the system.
35. TTL
How to change the TTL value for Linux?
sudo sysctl net.ipv4.ip_default_ttl=129
echo 129 | sudo tee /proc/sys/net/ipv4/ip_default_ttl
sudo bash -c 'echo 129 > /proc/sys/net/ipv4/ip_default_ttl'
To make this setting persistent across reboots you could append
the following line to the file /etc/sysctl.conf:
net.ipv4.ip_default_ttl=129
or