The whole header is one byte-exact strip of tiled fields. This lesson reads two complete headers end to end and defers checksum mechanics to a later book.
Read left to right
A full header is still a sequence of exact fields. The first full header starts with version 4 and IHL 5. After IHL comes the type-of-service byte 0x00, then total length 60.
4∣5∣0x00∣60
Middle fields
Next comes identification 0x1c46. The flags tie back to the flags lesson: DF is set, and the fragment offset is 0. TTL is 64 (0x40), and it sits just before the protocol byte.
0x1c46∣1∣64
Protocol and endpoints
Protocol 6 maps to TCP. The source is 172.16.10.99 and the destination is 172.16.10.12.
6↦TCP
Checksum note
The checksum field is 0xb1e6. The checksum is recomputed and verified in a later book, The checksum that never lies.
checksum=0xb1e6
Decode it again
Now do the whole thing again. The second full header starts with version 4, IHL 5, type-of-service 0x00, and total length 40. Its identification is 0xabcd, all fragment flags are clear, TTL is 128, and protocol 17 maps to UDP.
0xabcd∣128∣17
Contrast the two headers
Compared with the first header, TTL changes from 64 to 128; protocol changes from TCP to UDP; DF changes from set to clear; and the destination becomes 8.8.8.8.
64→128
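Both decodes can be reproduced in code. The Python below is an added example, not part of the original lesson: the function names are hypothetical, the first header's bytes are assembled from the field values above, and the second header's source address (192.0.2.1) and checksum (0x0000) are constructed placeholders because the lesson does not state them.

```python
import ipaddress
import struct

PROTOCOLS = {1: "ICMP", 6: "TCP", 17: "UDP"}

def decode_ipv4_header(raw: bytes) -> dict:
    """Decode the fixed 20-byte IPv4 header. The checksum is read, not verified."""
    if len(raw) < 20:
        raise ValueError("need at least 20 bytes for an IPv4 header")
    (ver_ihl, tos, total_length, ident, flags_frag,
     ttl, proto, checksum, src, dst) = struct.unpack("!BBHHHBBH4s4s", raw[:20])
    version, ihl = ver_ihl >> 4, ver_ihl & 0x0F  # two 4-bit fields share byte 0
    if version != 4:
        raise ValueError(f"not IPv4: version {version}")
    if ihl < 5 or ihl * 4 > len(raw):
        raise ValueError(f"IHL {ihl} does not fit {len(raw)} captured bytes")
    if total_length < ihl * 4:
        raise ValueError("total length is shorter than the header itself")
    return {
        "version": version, "ihl": ihl, "tos": tos,
        "total_length": total_length, "identification": ident,
        # 16-bit word: reserved bit, DF, MF, then a 13-bit fragment offset
        "df": bool(flags_frag & 0x4000), "mf": bool(flags_frag & 0x2000),
        "fragment_offset": flags_frag & 0x1FFF,
        "ttl": ttl, "protocol": PROTOCOLS.get(proto, str(proto)),
        "checksum": checksum,
        "src": str(ipaddress.IPv4Address(src)),
        "dst": str(ipaddress.IPv4Address(dst)),
    }

# First header: every byte follows from the field values given in the lesson.
HEADER_1 = bytes.fromhex("4500003c 1c464000 4006b1e6 ac100a63 ac100a0c")
# Second header: source address and checksum are constructed placeholders.
HEADER_2 = bytes.fromhex("45000028 abcd0000 80110000 c0000201 08080808")

def changed_fields(a: dict, b: dict) -> list:
    """Names of the fields whose values differ between two decoded headers."""
    return [name for name in a if a[name] != b[name]]

if __name__ == "__main__":
    h1, h2 = decode_ipv4_header(HEADER_1), decode_ipv4_header(HEADER_2)
    print(h1)
    print(h2)
    print("changed:", changed_fields(h1, h2))
```

The length checks matter when the input comes from an untrusted capture: an IHL below 5, or one that points past the captured bytes, is rejected before any field is used.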
Summary
Both full headers are decoded by the same tiling rule. The checksum fields are shown here, but checksum verification is explained in the later checksum book. Byte layout only; timing/throughput is not modeled here.