We got fed up one day looking for the definition of this stuff in a single place and that we could find in 1 minute - so we created our own. Not exhaustive - check the RFCs for the 'skinny'. You can get RFCs from the IETF.
If you have a high threshold of pain you may want to read about IP addressing, CIDR, subnets and netmask. Or if you are real smart get wireshark and let it do the interpretation for you. We have added a description of the IPv6 version.
Note: All of the field values defined within each protocol are not maintained within the protocol RFC itself but by IANA (Internet Assigned Numbers Association).
Octet | Bits | Len | Name | Notes |
0 | 0-3 | - | Version | 4 bits. IP version number. Current version is 4. |
0 | 4-7 | - | Hdr length | 4 bits. Length of IP header in 32 bit words (4 octets). Minimum valid is 5 (20 octets). |
1 | - | 1 | ToS | 1 octet. Type of Service. Rarely used, often misused or abused. bit 0-2: Precedence bit 3: Delay 0 = normal 1 = low bit 4: Throughtput 0 = normal 1 = high bit 5: Reliability 0 = normal 1 = high bit 6-7: Reserved Precedence 111 Network Control 110 Internetwork Control 101 CRITIC/ECP 100 Flash override 011 Flash 010 Immediate 001 Priority 000 Routine When used with Explicit Congestion Notification (ECN) (RFC 3168) may take values defined here and here. |
2-3 | - | 2 | Total Length | 2 Octets. Total length in octets of this packet starting from octet 0 of this header. |
4-5 | - | 2 | Identification | 2 Octets. Sequence number used when fragmenting IP packets for a given media type. |
6 | 0-3 | - | Flags | 3 bits. Usage bit 0 - not used = 0 bit 1 (DF) = 1 do not fragment bit 2 (MF) = 1 more fragments to come |
6-7 | 4-15 | - | Version | 13 bits. Fragment start offset measured in 8 octet (64 bit) units. First fragment is zero. |
8 | - | 1 | TTL | 1 octet. Time to Live. See notes. |
9 | - | 1 | Protocol | 1 octet. Protocol. Some common values: 0 (0x00) IPv6 Hop-by-Hop Option 1 (0x01) ICMP protocol 2 (0x02) IGMP protocol 4 (0x04) IP over IP 6 (0x06) TCP protocol 17 (0x11) UDP protocol 41 (0x29) IPv6 protocol Definitive list is here |
10-11 | - | 1 | Checksum | 2 octets. See RFCs 1141 & 1624. Covers IP header ONLY. |
12-15 | - | 4 | Source | 4 octets. Source IP address. |
16-19 | - | 4 | Destination | 4 octets. Destination IP address. |
20+ | - | ? | IP Options | Optional. If present must be padded to 32 bit multiples. Definitive list of options is here. |
Internet Control Message Protocol (ICMP) is used to perform many network 'housekeeping' tasks. Each ICMP message has a slightly different format but the first 4 bytes are ALWAYS the same.
Octet | Len | Name | Notes |
0 | 1 | ICMP Type | ICMP Message Type 0 = echo reply(ping) 3 = destination unreachable 4 = source quench 5 = redirect (route change) 8 = echo request(ping) 11 = time exceeded 12 = Parameter problem 13 = timestamp request 14 = timestamp reply 17 = address mask request 18 = address mask reply |
1 | 1 | Code | Code values are message specific. |
2-3 | 2 | Checksum | - |
In a ping operation the entire packet is echo'd (or pinged as in ping-pong) back to the sender. A trace route comand (tracert) is usually a series of ping commands with increasing values of the TTL parameter (in IP header) such that it will be returned from each successive router.
Octet | Len | Name | Notes |
0 | 1 | ICMP Type | Message Type 8 = Echo request 0 = echo reply |
1 | 1 | Code | Code = 0 |
2-3 | 2 | Checksum | - |
4-5 | 2 | Identifier | Used by sender to identify operation. |
6-7 | 2 | Sequence | Used by sender to identify operation. |
8+ | ? | Data | Optional Data field. |
The code field specifies the type of error.
Octet | Len | Name | Notes |
0 | 1 | ICMP Type | Message Type 1 = Host unreachable |
1 | 1 | Code |
0 = Network unreachable 1 = Host unreachable 2 = Protocol unreachable 3 = Port unreachable 4 = Frag needed but DF set 5 = Source route failed 6 = Destination network unknown 7 = Destination host unknown 8 = Source host isolated 9 = Network access prohibited 10 = Host access prohibited 11 = Network unreachable for ToS 12 = Host unreachable for ToS |
2-3 | 2 | Checksum | - |
4-5 | 2 | Not used | Must be zero |
6-7 | 2 | Not used | Must be zero |
8+ | ? | User Packet | IP header plus first 64 bits (8 octets) of failing datagram. |
Great idea but most implementations seem to ignore this polite request to stop sending so much data.
Octet | Len | Name | Notes |
0 | 1 | ICMP Type | Message Type 4 = Source Quench |
1 | 1 | Code | Always 0 |
2-3 | 2 | Checksum | - |
4-5 | 2 | Not used | Must be zero |
6-7 | 2 | Not used | Must be zero |
8+ | ? | User Packet | IP header plus first 64 bits (8 octets) of last datagram. |
Indicates the host should use the specified gateway to reach the IP address contained in the returned message.
Octet | Len | Name | Notes |
0 | 1 | ICMP Type | Message Type 5 = ICMP redirect |
1 | 1 | Code | May take one of the following values
0 = redirect datagrams for net (obsolete) 1 = redirect datagrams for host 2 = redirect datagrams for ToS and net 3 = redirect datagrams for Tos and host |
2-3 | 2 | Checksum | - |
4-7 | 4 | Gateway IP | Specifies that, for the destination host in the returned datagram, this gateway should be used. |
8+ | ? | User Packet | IP header plus first 64 bits (8 octets) of failing datagram. |
Message returned by the discovering router when the TTL count reaches 0 in the IP header or timeout problem with fragmentation.
Octet | Len | Name | Notes |
0 | 1 | ICMP Type | Message Type 11 = ICMP Time Exceeded |
1 | 1 | Code | May take one of the following values
0 = Time to Live count = 0 (exceeded) 1 = fragment reassembly time exceeded |
2-3 | 2 | Checksum | - |
4-7 | 4 | Unused | must be zero. |
8+ | ? | User Packet | IP header plus first 64 bits (8 octets) of failing datagram. |
UDP (User Datagram Protocol) is a connectionless protocol and represents a lightweight method of sending and receiving data.
Octet | Len | Name | Notes |
0-1 | 2 | Source port | - |
2-3 | 2 | Destination Port | Reserved (well-known) port numbers are here |
4-5 | 2 | UDP Length | Length of UDP packet starting from Octet 0. |
6-7 | 2 | Checksum | Optional. 0 = no checksum. The value 0xFFFFFFFF is a computed checksum of 0. See also UDP pseudo header |
Octet | Len | Name | Notes |
0-3 | 4 | Source | Source IP address |
4-7 | 4 | Destination | Destination IP address |
8 | 1 | Zero | Always zero |
9 | 1 | Protocol | Always 17 for UDP |
10-11 | 2 | Length | Length of UDP packet (excluding this psuedo header) |
The UDP checksum is computed by including the above 'pseudo header' plus the total UDP packet including the 'real' UDP header.
TCP (Transmission Control Protocol) is a connection-oriented protocol (it has opens and closes and stuff) and provides secure data transfer (the protocol includes ACKs and stuff). You can get the same level of service using UDP but you have to 'hand-carve' the opening, closing and ACK processes. TCP is incredibly efficient and its windowing mechanism especially provides very fast network performance adaptive feedback. RFC 7414 provides a useful overview of all the relevant TCP parameters and options.
Octet | Bits | Len | Name | Notes |
0-1 | - | 2 | Source port | - |
2-3 | - | 2 | Destination Port | - |
4-7 | - | 4 | Sequence number | position of last octet we sent. |
8-11 | - | 4 | Acknowledge Number | Next octet number we expect from the peer. |
12 | 0-3 | - | HLEN | 4 bits. The number of 32 bit multiples (4 octets) in the TCP header including any 'options' fields. |
12 | 4-7 | - | Reserved | should be zero |
13 | - | 1 | Code bits | 8 bits (6 used) valid if 1 bit 0 (URG) Urgent bit 1 (ACK) Acknowledgement bit 2 (PSH) Requests PUSH bit 3 (RST) Reset connection bit 4 (SYN) Sync sequence numbers bit 5 (FIN) sender finished |
14-15 | - | 2 | Window | Specifies the amount of data we can accept. |
16-17 | - | 2 | Checksum | Standard IP checksum. Includes a TCP pseudo header. |
18-19 | - | 2 | Urgent pointer | Points to end of urgent data. |
TCP Options | ||||
TCP data |
Octet | Len | Name | Notes |
0-3 | 4 | Source | Source IP address |
4-7 | 4 | Destination | Destination IP address |
8 | 1 | Zero | Always zero |
9 | 1 | Protocol | Always 6 for TCP |
10-11 | 2 | Length | Length of TCP packet (excluding this psuedo header) |
The TCP checksum is computed by including the above pseudo header plus the total TCP packet including the real TCP header.
TCP allows a number of options sent with the SYN command. Option list MUST be padded with zeros (end of list option) to a multiple of 32 bits. Options may be one byte or multiple bytes (TLD - Type/Length/Data - format) in which case octet 2 is always the length value, octet 3+ contains data.
Big Deal: RFC 7323, the first TCP Option change for over 20 years, introduced new options to improve performance on high speed and high-delay networks.
Currently defined options are (exhaustive list is here):
Octet 0 | Type | Len | Data | Name |
0 | One byte | 1 | - | End of option list |
1 | One byte | 1 | - | Padding (MAY be used to align data) |
2 | TLD | 4 | max segment size | Segment size option |
Problems, comments, suggestions, corrections (including broken links) or something to add? Please take the time from a busy life to 'mail us' (at top of screen), the webmaster (below) or info-support at zytrax. You will have a warm inner glow for the rest of the day.
Tech Stuff
If you are happy it's OK - but your browser is giving a less than optimal experience on our site. You could, at no charge, upgrade to a W3C standards compliant browser such as Firefox
Search
Share
Page
Standards
ISO (International)
IEC (International)
ANSI (US)
DIN (Germany)
ETSI (EU)
BSI (UK)
AFNOR (France)
Telecom
TIA (US)
ECIA (US)
ITU (International)
IEEE (US)
ETSI (EU)
OFCOM (UK)
Internet
Electronics
Site
Copyright © 1994 - 2024 ZyTrax, Inc. All rights reserved. Legal and Privacy |
site by zytrax hosted by javapipe.com |
web-master at zytrax Page modified: January 20 2022. |