FuSs AbOuT An ImAgInArY IlLnEs







Let us be familiar with IP header!

IP Packet Header

It is important to understand the structure of an IP packet, not only for the certification exams, but also in daily life on a network - if you are to correctly use things like protocol analyzers ("sniffers"), then you will need to know how to decipher a packet.

The packet header is always between 20 and 24 bytes (octets) in length, depending on whether or not the header includes options at the end of the header. It can be broken down into four rows of 32 bits each, as shown above. The fields above are:

  1. VER - Version. Identifies the version of IP being used. Typical value is 0100 (version 4), though IPng (IP Next Generation, or IP Version 6) is becoming increasingly important.
  2. HL - Header Length. Specifies how big the header is - depending on the Options field (discussed later), this may make the packet between 20 to 24 bytes in length.
  3. TOS - Type Of Service. These bits are crucial for certain types of QoS routing. These fields are:
    *   <font color="#000000"><u>Precedence</u> - the first three bits are for precedence. Anything other than zero indicates a special packet: </font>
        *   <font color="#000000">000 = Routine (normal) packet </font> <li><font color="#000000">001 = Priority </font> <li><font color="#000000">010 = Immediate </font> <li><font color="#000000">011 = Flash </font> <li><font color="#000000">100 = Flash Override </font> <li><font color="#000000">101 = CRITIC/ECP </font> <li><font color="#000000">110 = Internetwork Control </font> <li><font color="#000000">111 = Network Control </font> <li><font color="#000000"><u>Delay</u> - a single-bit field. A zero indicates a normal packet. A 1 identifies the packet as a packet that needs the shortest delay along its route. </font> <li><font color="#000000"><u>Throughput</u> - a single-bit field. A zero indicates a normal packet. A 1 identifies the packet as a packet that needs the largest amount of available bandwidth. </font> <li><font color="#000000"><u>Reliability</u> - a single-bit field. A zero indicates a normal packet. A 1 identifies the packet as a packet that needs the most reliable path to its destination. </font> <li><font color="#000000"><u>Monetary Cost</u> - a single-bit field. A zero indicates a normal packet. A 1 identifies the packet as a packet that needs the most cost-effective path. </font> <li><font color="#000000"><u>Reserved</u> - the last bit in the TOS fields is always a zero. </font> <li><font color="#000000">**Total Length** - Specifies the length of the total packet in bytes. The maximum possible size of a IP packet is 65,535 bytes. </font> <li><font color="#000000">**Identifier** - a 16-bit field used in concert with the Flags and Fragment Offset fields to handle fragmentation of a packet as it crosses boundaries of different MTU. _NOTE! A fragmented packet is not reassembled at the other end of the data link. It stays fragmented until it reaches its final destination._ </font> <li><font color="#000000">**Flags** - a three-bit field. First bit is unused. Second bit is the DF bit - &quot;Don't Fragment,&quot; which is used to stop fragmentation across MTU boundaries. The third bit is the MF bit - &quot;More Fragments,&quot; used by the router fragmenting the packet. Set to 1 for all packets except the last one, to tell the end station which fragment is the last one. </font> <li><font color="#000000">**Fragment Offset** - a 13-bit field that specifies the offset of where the header ends and the fragment begins. </font> <li><font color="#000000">**TTL** - Time To Live - an 8-bit field that is set by the sending station as a certain fixed number that all routers decrement by one (until zero, when the packet is discarded), so that if a routing loop happens, packets don't circulate endlessly. </font> <li><font color="#000000">**Protocol** - an 8-bit field that tells the transport layer which protocol is being delivered in the packet. Common numbers include 4 for IP, 6 for TCP, 17 for UDP, and 89 for OSPF. </font> <li><font color="#000000">**Header Checksum** - a 16-bit one's complement checksum of the header to prevent errors in the header of the packet. </font> <li><font color="#000000">**Source and Destination Address** - each field is 32 bits in length, denoting the sending and receiving station. </font> <li><font color="#000000">**Options and Padding** - options is a variable length field. Options include diagnostic fields that force packets along a certain path (regardless of router metrics or routing protocols), recording route information (for traceroute commands), etc. Padding is a series of zeros that brings the header to a full multiple of 32 bits. </font>** <p><font color="#000000">Other important things to remember about IP:</font>**<font color="#000000"> </font> 

Strange events around me

No more than 25 tcp session occures at one time, can’t change the language setting of MSN BLOG…

The hobby is no hobby~

Just getting more and more lazy these days…

Need to cheer me up~