|
|
If you were to conduct a survey on the Internet to ascertain the types of computers on it, you'd discover that there are only two main types of machines on-line. Normal, everyday computers ranging from Macintoshes to large UNIX servers; IBM compatibles to huge super-computers and the other type of computer you'd find would be routers (or gateways as they're sometimes called). This is a rather broad classification, but we'll explain why Macintoshes and IBM compatibles can be grouped as one and why routers are a class apart.
Router's, unlike all other machines on the Internet, are primarily concerned with IP or the Internet Protocol. As you well know, TCP/IP is actually two protocols sandwiched one above the other. IP is the part meant for routers and contains enough information for them to send the packet reliably to it's destination and TCP is meant for the servers and clients which abound on the Internet. No server is really concerned with IP, all it wants is TCP and the higher level protocols which use it, like HTTP, SMTP etc.
In this document, we'd take an in-depth look at the IP header and try to understand the importance and use of each byte in it. After you're through with this tutorial, jump over to TCP which is the next half of TCP/IP.
Here is a snapshot of the IP header -
Table 1 : IP Header format
| Version (4 bits) |
IP Hdr Len (4 bits) |
Type of Service (8 bits) |
Length of the IP datagram (16 bits) |
| Identification no (16 bits) |
Fragmentation (16 bits) |
| Time to Live (8 bits) |
Protocol type (8 bits) |
IP Checksum ( 16 bits) |
| Source IP Address (32 bits) |
| Destination IP Address (32 bits) |
Table 2 : Sample IP header
| 45 | 00 | 00 | 2c |
| 00 | 01 | 00 | 00 |
| 1f | 06 | ** | ** |
| 202 | 54 | 139 | 83 |
| 194 | 61 | 67 | 181 |
** - checksum value
Lets jump right in and start examining the bytes.
The first byte of the IP header is actually divided into two 4 bit sections. The first 4 bits specify the version number of the IP we're using. IP version 4 is the current standard and Ipv6 is the new proposed standard. IPv5 was experimental and was never really released. The reason IPv6 is being pushed is because of certain problems in IPv4. We'll get to that in a moment. Currently, all packets on the Internet are IPv4.
The next four bit section or nibble indicates the length of the IP header. Actually, 5 (the length in the test packet given above) isn't the length of the header. It has to be multiplied by 4 to get 20 bytes, the actual length of the header. This is the normal length of the IP header, though it can be larger in certain cases. Since the length field is 4 bits large, the largest number it can hold is 15. So the largest IP header can be only (15*4) 60 bytes large.
The second byte from the start is the Type of Service and this field is almost always zero. The Type of service (TOS) field was supposed to hold a number prioritising the packet. So a packet which had to reach it's destination real fast, e.g. Real Audio or Telnet, would have a larger TOS and thus it would be handled faster by the routers. A higher paying customer would have a higher TOS and thus his connections would work faster than those of a lower paying customer. Unfortunately, the Internet community couldn't standardise on the TOS and so no one really know what number to put here! Additionally router manufacturers, which were under tremendous pressure to create faster routers, decided that the overhead of processing the TOS was too much. Most routers nowadays totally ignore the TOS or put packets with the Type of Service set in a slower queue! Since the TOS field is usually ignored and since it makes he packet slower, most software doesn't use it. This meant that almost no routers manufactured in the last decade even look at the TOS field.
The next two bytes of the IP header hold the total length of the packet. This length is the length of the IP datagram , it can be IP+TCP+data or IP+UDP+data or IP+ICMP+data....and it's known as the Payload length. This is a prime example of what confusion would have reigned had the Network Byte Order not been standardised. If the size of the total packet is 40 bytes, we put 0x00 0x28 here because on the Internet the low byte comes first and the high byte comes later. This is know and the Network Byte Order.
Copyright reserved by Priyankar Mukherjee.
No part of this material may be stored in any form or by any means, electrical, mechanical,
photocopy, recording or otherwise, by anyone without prior written permission from
Priyankar Mukherjee. Violators are liable to be legally procecuted.