Useful Articles


IP Header Details

IP Header Details (IPv4)

IP protocol is one of the main protocols in the TCP/IP stack. It is in the form of IP Packets that all the transport layer protocols, for example, TCP, UDP, ICMP and IGMP data travels over the network. IP is connection less and unreliable protocol. It is connection less in the sense that no state related to IP Packets are maintained either on source or destination side and it is unreliable in the sense that it not guaranteed that an IP data gram will get delivered to the destination or not. If an IP Packet encounters some error at the destination or at some intermediate host (while traveling from source to destination) then the IP Packet is generally discarded and an ICMP error message is sent back to the source.  The IP Packet encapsulates the TCP Packet (TCP Header + Application Layer Data or PDU). In this article we will go through IP Header Details (IPv4) and its fields.

The IPv4 header is 20 bytes long without Options. Below are the details of the fields of the IP header.

IP Header Details

Below is the description of IP Header Fields:
  • Version - This field tells the IP version number. This is the header for IP version 4 so you'll always see value 4 in this field. This header is not used for IPv6 as IPv6 has a separate header.
  • Header Length(or HLEN) -  It is a 4-bit field that tells the length of the IP header in 32 bits increments. The minimum length of an IP header is 20 bytes without the Options field. You will see a value of 5 in this field if the IP header is not using the Options field. 
  • Type of Service - This field is used for Quality of Service. It is an 8-bit field. Using this field, a  packet can be prioritized, classified and handled to utilize network resources.
  • Total Length -  It is a 16-bit field that tells the length of the packet including header and data in bytes. The minimum size is 20 bytes (if you have no data) and the maximum size is 65535 bytes.
  • Identification - This is a 16bit field that is used for the uniqueness of the IP Packet. If the IP Packet is bigger in size then defined IP MTU on an interface, it is fragmented into smaller packets. Each fragmented packet is given the same identification number so that it can be refragmented at the receiver end. 
  • Flags - This is a 3bits field used when the IP Packet is fragmented. This field also specifies whether fragmentation should occur or not. The 1st bit is always set to 0.  The 2nd bit is called the DF (Don’t Fragment) bit and indicates that this packet should not be fragmented.  The 3rd bit is called the MF (More Fragments) bit and is set on all fragmented packets except the last one.
  • Fragment Offset - This is a 13-bit field that specifies the position of the fragment with regards to the original IP packet.
  • Time to Live(TTL) -  It is an 8 bit field.  The TTL value is set to an IP Packet when it is generated and its value is decremented by one every time the IP packet passes through a network device, This field is helpful to used to prevent packets from looping around forever in the network if it is not destined for anywhere.
  • Protocol - This is an 8-bit field that tells about the upper-layer protocol or the protocol used at the Transport layer. For example, TCP and UDP Protocols have values 6 and 7 respectively. OSPF and EIGRP have Protocol values 89 and 88 respectively.
  • Header Checksum -  It is a 16-bit field is used to store a checksum of the header. Its a kind of cyclic redundancy check value computed for the header. This field is used for integrity checks by the receiver and to check if there are any errors in the IP header. If the computed checksum value doesn't match the checksum value mentioned in the received packet, the packet is dropped.
  • Source IP Address - This field tells the 32-bit IP address of sending/source device.
  • Destination Address - This field tells the 32-bit IP address of the receiving/destination device.
  • Options - This is a field used for network testing, debugging, security purposes. This is a variable-length optional field is not used very often. When this field is used, the header size increases and the same is updated in the Header Length field.
 Below is the Wireshark capture of an IPv4 header.

IP Header Details, IP Header, IP Header Wireshark Capture

Further, the IP Packet i.e. IP Header + Data from the Transport Layer (TCP Header + PDU) gets encapsulated under the Data Link Layer Frame. The Data Link Layer Encapsulation can be any LAN (Ethernet II, 802.3 LLC)  or WAN (Frame-Relay, ATM, PPP, HDLC etc.).

I hope you have found this article informative and useful and now have a fair understanding of the TCP Header and its important fields such as  Source Port, Destination Port, Sequence Number, Acknowledgement Number, Flags, Window, and Urgent Pointer. For any of the related queries or feedback, kindly write to us at