Useful Articles


IP Header Details

IP Header Details (IPv4)

IP protocol is one of the main protocols in the TCP/IP stack. It is in the form of IP Packets that all the transport layer protocols, for example, TCP, UDP, ICMP and IGMP data travels over the network. IP is connection less and unreliable protocol. It is connection less in the sense that no state related to IP Packets are maintained either on source or destination side and it is unreliable in the sense that it not guaranteed that an IP data gram will get delivered to the destination or not. If an IP Packet encounters some error at the destination or at some intermediate host (while traveling from source to destination) then the IP Packet is generally discarded and an ICMP error message is sent back to the source.  The IP Packet encapsulates the TCP Packet (TCP Header + Application Layer Data or PDU). In this article we will go through IP Header Details (IPv4) and its fields.

The IPv4 header is 20 bytes long without Options. Below are the details of the fields of the IP header.

IP Header Format

IP Header Details

IPv4 Header Fields


the Version field tells the IP version number. This is the header for IP version 4 so you'll always see value 4 in this field. This header is not used for IPv6 as IPv6 has a separate header.

Header Length (HLEN) 

Header Length or HLEN is a 4-bit field that tells the length of the IP header in 32 bits increments. The minimum length of an IP header is 20 bytes without the Options field. You will see a value of 5 in this field if the IP header is not using the Options field. 

Type of Service 

Type of Service field is used for Quality of Service. It is an 8-bit field. Using this field, a  packet can be prioritized, classified and handled to utilize network resources.

Total Length 

Total Length field is a 16-bit field that tells the length of the packet including header and data in bytes. The minimum size is 20 bytes (if you have no data) and the maximum size is 65535 bytes.


Identification field is a 16bit field that is used for the uniqueness of the IP Packet. If the IP Packet is bigger in size then defined IP MTU on an interface, it is fragmented into smaller packets. Each fragmented packet is given the same identification number so that it can be re-fragmented at the receiver end. 


Flags field is a 3bits field used when the IP Packet is fragmented. This field also specifies whether fragmentation should occur or not. The 1st bit is always set to 0.  The 2nd bit is called the DF (Don’t Fragment) bit and indicates that this packet should not be fragmented.  The 3rd bit is called the MF (More Fragments) bit and is set on all fragmented packets except the last one.

Fragment Offset 

Fragment Offset is a 13-bit field that specifies the position of the fragment with regards to the original IP packet.

Time to Live (TTL) 

Time to Live or TTL field is an 8 bit field.  The TTL value is set to an IP Packet when it is generated and its value is decremented by one every time the IP packet passes through a network device, This field is helpful to used to prevent packets from looping around forever in the network if it is not destined for anywhere.


Protocol field is an 8-bit field that tells about the upper-layer protocol or the protocol used at the Transport layer. For example, TCP and UDP Protocols have values 6 and 7 respectively. OSPF and EIGRP have Protocol values 89 and 88 respectively.

Header Checksum 

Header Checksum is a 16-bit field is used to store a checksum of the header. Its a kind of cyclic redundancy check value computed for the header. This field is used for integrity checks by the receiver and to check if there are any errors in the IP header. If the computed checksum value doesn't match the checksum value mentioned in the received packet, the packet is dropped.

Source IP 

Source IP  field tells the 32-bit IP address of sending/source device.

Destination IP

Destination IP  field tells the 32-bit IP address of the receiving/destination device.


Options is a field used for network testing, debugging, security purposes. This is a variable-length optional field is not used very often. When this field is used, the header size increases and the same is updated in the Header Length field.

Wireshark capture of an IPv4 header.

IP Header Details, IP Header, IP Header Wireshark Capture

Further, the IP Packet i.e. IP Header + Data from the Transport Layer (TCP Header + PDU) gets encapsulated under the Data Link Layer Frame. The Data Link Layer Encapsulation can be any LAN (Ethernet II, 802.3 LLC)  or WAN (Frame-Relay, ATM, PPP, HDLC etc.).

I hope you have found this article informative and useful and now have a fair understanding of the TCP Header and its important fields such as  Source Port, Destination Port, Sequence Number, Acknowledgement Number, Flags, Window, and Urgent Pointer. For any of the related queries or feedback, kindly write to us at