Tech Info - IP Message Formats
We got fed up one day looking for a single place that defined this stuff and that we could find in 1 minute - so we created our own. Not exhaustive - check the RFCs for the 'skinny'. You can get RFCs from the IETF.
If you have a high threshold of pain you may want to read about IP addressing, CIDR, subnets and netmask. Or if you are real smart get Wireshark and let it do the interpretation for you. We have added a description of the IPv6 version.
Note: The field values defined within each protocol are not maintained within the protocol RFC itself but by IANA (Internet Assigned Numbers Authority).
Contents
- IP header: Defined by the venerable RFC 791.
- TCP header: Defined by RFC 793
- UDP header: Defined by RFC 768
- ICMP header: Defined by RFC 950
IP Header

| Octet | Bits | Len | Name | Notes |
|---|---|---|---|---|
| 0 | 0-3 | - | Version | 4 bits. IP version number. Current version is 4. |
| 0 | 4-7 | - | Hdr length | 4 bits. Length of IP header in 32 bit words (4 octets). Minimum valid is 5 (20 octets). |
| 1 | - | 1 | ToS | 1 octet. Type of Service. Rarely used, often misused or abused.<br>bit 0-2: Precedence<br>bit 3: Delay 0 = normal 1 = low<br>bit 4: Throughput 0 = normal 1 = high<br>bit 5: Reliability 0 = normal 1 = high<br>bit 6-7: Reserved<br>Precedence<br>111 Network Control<br>110 Internetwork Control<br>101 CRITIC/ECP<br>100 Flash override<br>011 Flash<br>010 Immediate<br>001 Priority<br>000 Routine<br>When used with Explicit Congestion Notification (ECN) (RFC 3168) may take values defined here and here. |
| 2-3 | - | 2 | Total Length | 2 Octets. Total length in octets of this packet starting from octet 0 of this header. |
| 4-5 | - | 2 | Identification | 2 Octets. Sequence number used when fragmenting IP packets for a given media type. |
| 6 | 0-3 | - | Flags | 3 bits. Usage<br>bit 0 - not used = 0<br>bit 1 (DF) = 1 do not fragment<br>bit 2 (MF) = 1 more fragments to come |
| 6-7 | 4-15 | - | Version | 13 bits. Fragment start offset measured in 8 octet (64 bit) units. First fragment is zero. |
| 10-11 | - | 1 | Checksum | 2 octets. See RFCs 1141 & 1624. Covers IP header ONLY. |
| 12-15 | - | 4 | Source | 4 octets. Source IP address. |
| 16-19 | - | 4 | Destination | 4 octets. Destination IP address. |

Notes:
- Time to Live originally involved a sense of time. It is now used as a simple, but very effective, count to prevent routing errors and loops. Every router that handles the packet decrements the TTL value and if it reaches zero the packet is returned with an ICMP Time Exceeded message. A trace route command (tracert) is usually a series of ping commands with increasing values of the TTL parameter such that the packet will be returned from each successive router. Called a hop limit in IPv6 to clarify its use.
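
A parser for the header laid out above, written as an added example (it is not code from the original page). It rejects packets whose version, header length or total length are inconsistent before any field is trusted; the TTL and protocol positions (octets 8 and 9) are taken from RFC 791, and the sample packet is constructed.

```python
import ipaddress
import struct

PRECEDENCE = ["Routine", "Priority", "Immediate", "Flash", "Flash override",
              "CRITIC/ECP", "Internetwork Control", "Network Control"]

def parse_ipv4_header(packet: bytes) -> dict:
    """Decode the IPv4 header and reject inconsistent length fields."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-octet minimum header")
    # TTL (octet 8) and protocol (octet 9) are placed per RFC 791.
    (ver_ihl, tos, total_len, ident, flags_frag,
     ttl, proto, checksum, src, dst) = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    version, ihl = ver_ihl >> 4, ver_ihl & 0x0F
    if version != 4:
        raise ValueError(f"not IPv4 (version {version})")
    if ihl < 5:
        raise ValueError(f"header length {ihl} is below the minimum of 5 words")
    hdr_len = ihl * 4
    if not hdr_len <= total_len <= len(packet):
        raise ValueError("length fields disagree with the captured data")
    return {
        "header_len": hdr_len,
        "precedence": PRECEDENCE[tos >> 5],        # ToS bits 0-2 are the top three
        "total_len": total_len,
        "id": ident,
        "df": bool(flags_frag & 0x4000),           # flag bit 1
        "mf": bool(flags_frag & 0x2000),           # flag bit 2
        "frag_offset": (flags_frag & 0x1FFF) * 8,  # stored in 8-octet units
        "ttl": ttl,
        "protocol": proto,
        "checksum": checksum,
        "src": str(ipaddress.IPv4Address(src)),
        "dst": str(ipaddress.IPv4Address(dst)),
        "options": packet[20:hdr_len],
    }

# Constructed sample: 20-octet header (DF set, TTL 64, protocol 6) plus 40 filler octets.
SAMPLE = bytes.fromhex("4500003c1c4640004006b1e6ac100a63ac100a0c") + bytes(40)

if __name__ == "__main__":
    for key, value in parse_ipv4_header(SAMPLE).items():
        print(f"{key:12} {value}")
```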
ICMP Header
Internet Control Message Protocol (ICMP) is used to perform many network 'housekeeping' tasks. Each ICMP message has a slightly different format but the first 4 bytes are ALWAYS the same.

| Octet | Len | Name | Notes |
|---|---|---|---|
| 1 | 1 | Code | Code values are message specific. |
| 2-3 | 2 | Checksum | - |

Notes:
- Checksum is IP one's complement standard (RFCs 1141 and 1624).
ICMP Echo Request/Response (Ping)
In a ping operation the entire packet is echoed (or pinged as in ping-pong) back to the sender. A trace route command (tracert) is usually a series of ping commands with increasing values of the TTL parameter (in IP header) such that it will be returned from each successive router.

| Octet | Len | Name | Notes |
|---|---|---|---|
| 0 | 1 | ICMP Type | Message Type<br>8 = Echo request<br>0 = echo reply |
| 1 | 1 | Code | Code = 0 |
| 2-3 | 2 | Checksum | - |
| 4-5 | 2 | Identifier | Used by sender to identify operation. |
| 6-7 | 2 | Sequence | Used by sender to identify operation. |
| 8+ | ? | Data | Optional Data field. |

ICMP Unreachable
The code field specifies the type of error.

| Octet | Len | Name | Notes |
|---|---|---|---|
| 0 | 1 | ICMP Type | Message Type<br>1 = Host unreachable |
| 1 | 1 | Code | 0 = Network unreachable<br>1 = Host unreachable<br>2 = Protocol unreachable<br>3 = Port unreachable<br>4 = Frag needed but DF set<br>5 = Source route failed<br>6 = Destination network unknown<br>7 = Destination host unknown<br>8 = Source host isolated<br>9 = Network access prohibited<br>10 = Host access prohibited<br>11 = Network unreachable for ToS<br>12 = Host unreachable for ToS |
| 2-3 | 2 | Checksum | - |
| 4-5 | 2 | Not used | Must be zero |
| 6-7 | 2 | Not used | Must be zero |
| 8+ | ? | User Packet | IP header plus first 64 bits (8 octets) of failing datagram. |

ICMP Source Quench
Great idea but most implementations seem to ignore this polite request to stop sending so much data.

| Octet | Len | Name | Notes |
|---|---|---|---|
| 0 | 1 | ICMP Type | Message Type<br>4 = Source Quench |
| 1 | 1 | Code | Always 0 |
| 2-3 | 2 | Checksum | - |
| 4-5 | 2 | Not used | Must be zero |
| 6-7 | 2 | Not used | Must be zero |
| 8+ | ? | User Packet | IP header plus first 64 bits (8 octets) of last datagram. |

ICMP Redirect
Indicates the host should use the specified gateway to reach the IP address contained in the returned message.

| Octet | Len | Name | Notes |
|---|---|---|---|
| 0 | 1 | ICMP Type | Message Type<br>5 = ICMP redirect |
| 1 | 1 | Code | May take one of the following values<br>0 = redirect datagrams for net (obsolete)<br>1 = redirect datagrams for host<br>2 = redirect datagrams for ToS and net<br>3 = redirect datagrams for ToS and host |
| 2-3 | 2 | Checksum | - |
| 4-7 | 4 | Gateway IP | Specifies that, for the destination host in the returned datagram, this gateway should be used. |
| 8+ | ? | User Packet | IP header plus first 64 bits (8 octets) of failing datagram. |

ICMP Time Exceeded
Message returned by the discovering router when the TTL count reaches 0 in the IP header or when there is a timeout problem with fragmentation.

| Octet | Len | Name | Notes |
|---|---|---|---|
| 0 | 1 | ICMP Type | Message Type<br>11 = ICMP Time Exceeded |
| 1 | 1 | Code | May take one of the following values<br>0 = Time to Live count = 0 (exceeded)<br>1 = fragment reassembly time exceeded |
| 2-3 | 2 | Checksum | - |
| 4-7 | 4 | Unused | must be zero. |
| 8+ | ? | User Packet | IP header plus first 64 bits (8 octets) of failing datagram. |

UDP Header
UDP (User Datagram Protocol) is a connectionless protocol and represents a lightweight method of sending and receiving data.

| Octet | Len | Name | Notes |
|---|---|---|---|
| 0-1 | 2 | Source port | - |
| 4-5 | 2 | UDP Length | Length of UDP packet starting from Octet 0. |

Notes
- UDP Checksum. If a UDP checksum is present (optional for IPv4, mandatory for IPv6) it is assumed to have a 'pseudo header' field of the following format prepended to the data:

| Octet | Len | Name | Notes |
|---|---|---|---|
| 0-3 | 4 | Source | Source IP address |
| 4-7 | 4 | Destination | Destination IP address |
| 8 | 1 | Zero | Always zero |
| 9 | 1 | Protocol | Always 17 for UDP |
| 10-11 | 2 | Length | Length of UDP packet (excluding this pseudo header) |

The UDP checksum is computed by including the above 'pseudo header' plus the total UDP packet including the 'real' UDP header.
- Checksum is IP one's complement standard (RFCs 1141 and 1624).
TCP Header
TCP (Transmission Control Protocol) is a connection-oriented protocol (it has opens and closes and stuff) and provides reliable data transfer (the protocol includes ACKs and stuff). You can get the same level of service using UDP but you have to 'hand-carve' the opening, closing and ACK processes. TCP is incredibly efficient and its windowing mechanism especially provides very fast adaptive feedback on network performance. RFC 7414 provides a useful overview of all the relevant TCP parameters and options.

| Octet | Bits | Len | Name | Notes |
|---|---|---|---|---|
| 0-1 | - | 2 | Source port | - |
| 2-3 | - | 2 | Destination Port | - |
| 4-7 | - | 4 | Sequence number | position of last octet we sent. |
| 8-11 | - | 4 | Acknowledge Number | Next octet number we expect from the peer. |
| 12 | 0-3 | - | HLEN | 4 bits. The number of 32 bit multiples (4 octets) in the TCP header including any 'options' fields. |
| 12 | 4-7 | - | Reserved | should be zero |
| 13 | - | 1 | Code bits | 8 bits (6 used) valid if 1<br>bit 0 (URG) Urgent<br>bit 1 (ACK) Acknowledgement<br>bit 2 (PSH) Requests PUSH<br>bit 3 (RST) Reset connection<br>bit 4 (SYN) Sync sequence numbers<br>bit 5 (FIN) sender finished |
| 14-15 | - | 2 | Window | Specifies the amount of data we can accept. |
| 18-19 | - | 2 | Urgent pointer | Points to end of urgent data. |

TCP data
NOTES:
- The TCP checksum is assumed to have a 'pseudo header' field of the following format prepended to the data:

| Octet | Len | Name | Notes |
|---|---|---|---|
| 0-3 | 4 | Source | Source IP address |
| 4-7 | 4 | Destination | Destination IP address |
| 8 | 1 | Zero | Always zero |
| 9 | 1 | Protocol | Always 6 for TCP |
| 10-11 | 2 | Length | Length of TCP packet (excluding this pseudo header) |

The TCP checksum is computed by including the above pseudo header plus the total TCP packet including the real TCP header.
- Checksum is IP one's complement standard (RFCs 1141 and 1624).
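
The pseudo header calculation described in the UDP and TCP notes above, as one added Python example (not code from the original page) that serves both by taking the protocol number as a parameter. The checksum field positions (UDP octets 6-7, TCP octets 16-17) are taken from RFC 768 and RFC 793; the addresses, ports and payload are constructed sample values.

```python
import ipaddress
import struct

CSUM_OFFSET = {17: 6, 6: 16}  # checksum field: UDP octets 6-7, TCP octets 16-17

def ones_sum16(data: bytes) -> int:
    """16-bit one's complement sum with end-around carry."""
    if len(data) % 2:
        data += b"\x00"  # odd length: pad with a zero octet for the sum only
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total

def pseudo_header(src: str, dst: str, proto: int, length: int) -> bytes:
    """Source, destination, zero, protocol, length: 12 octets, never transmitted."""
    return (ipaddress.IPv4Address(src).packed + ipaddress.IPv4Address(dst).packed
            + struct.pack("!BBH", 0, proto, length))

def fill_checksum(src: str, dst: str, proto: int, segment: bytes) -> bytes:
    """Return the segment with its checksum field computed and written in."""
    off = CSUM_OFFSET[proto]
    zeroed = segment[:off] + b"\x00\x00" + segment[off + 2:]
    csum = ~ones_sum16(pseudo_header(src, dst, proto, len(zeroed)) + zeroed) & 0xFFFF
    if proto == 17 and csum == 0:
        csum = 0xFFFF  # UDP sends all ones, because zero means "no checksum"
    return zeroed[:off] + struct.pack("!H", csum) + zeroed[off + 2:]

def check(src: str, dst: str, proto: int, segment: bytes) -> str:
    """Classify a received segment as 'ok', 'bad' or (UDP over IPv4) 'absent'."""
    off = CSUM_OFFSET[proto]
    if proto == 17 and segment[off:off + 2] == b"\x00\x00":
        return "absent"
    total = ones_sum16(pseudo_header(src, dst, proto, len(segment)) + segment)
    return "ok" if total == 0xFFFF else "bad"

# Constructed sample data (documentation addresses, made-up ports and payload).
SRC, DST = "192.0.2.1", "198.51.100.7"
UDP_RAW = struct.pack("!HHHH", 53000, 53, 8 + 11, 0) + b"constructed"
TCP_RAW = struct.pack("!HHIIBBHHH", 49152, 443, 1000, 0, 5 << 4, 0x02, 65535, 0, 0)
UDP_SEG = fill_checksum(SRC, DST, 17, UDP_RAW)
TCP_SEG = fill_checksum(SRC, DST, 6, TCP_RAW)

if __name__ == "__main__":
    print(check(SRC, DST, 17, UDP_SEG), check(SRC, DST, 6, TCP_SEG))
    print(check("192.0.2.99", DST, 17, UDP_SEG), check(SRC, DST, 17, UDP_RAW))
```

Because the addresses are part of the sum, a segment checked against a different source address fails. The checksum detects accidental corruption only: anyone able to modify a packet can recompute it.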
TCP Options
TCP allows a number of options to be sent with the SYN command. The option list MUST be padded with zeros (end of list option) to a multiple of 32 bits. Options may be one byte or multiple bytes (TLD - Type/Length/Data - format) in which case octet 2 is always the length value, octet 3+ contains data.
Big Deal: RFC 7323, the first TCP Option change for over 20 years, introduced new options to improve performance on high speed and high-delay networks.
Currently defined options are (exhaustive list is here):

| Octet 0 | Type | Len | Data | Name |
|---|---|---|---|---|
| 0 | One byte | 1 | - | End of option list |
| 1 | One byte | 1 | - | Padding (MAY be used to align data) |
| 2 | TLD | 4 | max segment size | Segment size option |

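
A walker for the option list described above, as an added example (not code from the original page). It handles the two one-byte options and the TLD form, and rejects a length octet that is below 2 or runs past the header, which is the usual way a naive option loop ends up spinning or over-reading; the sample SYN header is constructed.

```python
import struct

EOL, NOP, MSS = 0, 1, 2  # the option types listed in the table above

def parse_tcp_options(tcp_header: bytes) -> list:
    """Return [(name_or_type, value)] for the options area of a TCP header."""
    if len(tcp_header) < 20:
        raise ValueError("shorter than the 20-octet fixed TCP header")
    hlen = (tcp_header[12] >> 4) * 4  # HLEN counts 32 bit words
    if hlen < 20 or hlen > len(tcp_header):
        raise ValueError(f"HLEN gives {hlen} octets, inconsistent with the data")
    opts, out, i = tcp_header[20:hlen], [], 0
    while i < len(opts):
        kind = opts[i]
        if kind == EOL:  # everything after this is padding
            break
        if kind == NOP:
            out.append(("NOP", None))
            i += 1
            continue
        if i + 1 >= len(opts):
            raise ValueError(f"option {kind}: no length octet")
        length = opts[i + 1]  # covers the type and length octets too
        if length < 2 or i + length > len(opts):
            raise ValueError(f"option {kind}: bad length {length}")
        data = opts[i + 2:i + length]
        if kind == MSS:
            if length != 4:
                raise ValueError("segment size option must have length 4")
            out.append(("MSS", struct.unpack("!H", data)[0]))
        else:
            out.append((kind, data))  # option type not covered here: keep raw
        i += length
    return out

# Constructed SYN header: HLEN 7 words, options MSS=1460, padding, end of list.
FIXED = struct.pack("!HHIIBBHHH", 49152, 443, 1000, 0, 7 << 4, 0x02, 65535, 0, 0)
SYN = FIXED + bytes.fromhex("020405b401000000")

if __name__ == "__main__":
    print(parse_tcp_options(SYN))
```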