IPv4, also known as the fourth version of Internet Protocol, is the core protocol that routes most Internet traffic. It is a connectionless protocol transmitted above TCP (Transmission Control Protocol), which means that the state of the connection is not preserved and data is sent to the receiver without checking whether the recipient is available.
IPv4 uses 32-bit addressing, which allows a total of 4,294,967,296 (2^32) addresses. Some addresses are reserved for public and private networks. An IP address consists of four octets separated by periods, a format known as dotted-decimal notation.
For example, the IP address 172.16.254.1 is made up of the four octets 172, 16, 254 and 1.
IP Packet Structure
An IP packet consists of header information as well as encapsulated data. An IP header consists of 14 fields and contains the information required to deliver the packet to the other end.
- Version (4-bit): Provides the version number of Internet Protocol used (such as IPv4).
- IHL (4-bit): Refers to Internet Header Length which is the length of an entire IP header.
- DSCP (8-bit): Differentiated Services Code Point, also called Type of Service; it caters to data from emerging technologies.
- ECN: Explicit Congestion Notification provides information about the network congestion seen in the route.
- Total Length (16-bit): Length of entire IP packet, which includes IP header and encapsulated data.
- Identification (16-bit): This field is used to uniquely identify the group of fragments of a single IP packet.
- Flags (3-bit): This is a three-bit field that’s used to identify and control fragments. In this 3-bit flag, the bit 0 is always set to ‘0’.
- Fragment Offset (13-bit): This offset provides the location of the fragment in the original IP Packet.
- Time to Live (TTL, 8-bit): Every packet is sent with a TTL value set to avoid looping in the network. The TTL reflects the router hops the packet has crossed: with each hop, the TTL value is decremented by one, and when the value reaches zero, the packet is discarded.
- Protocol (8-bit): This field provides the protocol that’s used in the data part of the packet (ICMP-1, TCP-6, UDP-17, IPv6-41, VINES-83, OSPF-89, SCTP-132).
- Header Checksum (16-bit): This field is used for error-checking of the entire header. The value of the header checksum is matched at the router and the packet is discarded if values don’t match.
- Source Address: This field holds the 32-bit address of the sender of the packet.
- Destination Address: This field holds the 32-bit address of the receiver of the packet.
- Optional (0-40 bits): This is an optional field which is used if the value of header length (IHL) is greater than 5. This may contain information like Security, Time-stamp or Record-Route.
IP Packet Fragmentation
IP packet fragmentation is a communication procedure in which IP datagrams are broken down into small packets, transmitted across a network and then reassembled back into the original datagram.
Fragmentation is necessary for data transmission, as every network has a unique limit for the size of datagrams that it can process. This limit is known as the maximum transmission unit (MTU). If a datagram is being sent that is larger than the receiving server’s MTU, it has to be fragmented in order to be transmitted completely.
The IP header in every datagram contains flags detailing whether fragmentation is allowed to take place. In cases where a “don’t fragment” flag is attached to the IP header, the packet is dropped and the server sends out a message saying that the ICMP datagram is too big to transmit. The offset explains to the recipient device the exact order the fragments should be placed in for reassembly.
Teardrop attacks exclusively use the fragmentation and compilation process of IP protocol. ICMP/UDP attacks also target the network’s MTU.