1
00:00:00,350 --> 00:00:07,130
So looking at an IP packet consisting of a header section and a data section.

2
00:00:07,730 --> 00:00:16,430
We'll see that the IPv4 packet header consists of 14 fields and only the options field is, well,

3
00:00:16,430 --> 00:00:17,210
optional.

4
00:00:17,300 --> 00:00:23,510
Now I'm not going to talk about each field one by one, but I'll give you a few short explanations of

5
00:00:23,510 --> 00:00:24,950
some of the more pertinent ones.

6
00:00:26,080 --> 00:00:29,650
The version field is always equal to four. Why?

7
00:00:30,100 --> 00:00:31,210
IPv4.

8
00:00:33,060 --> 00:00:41,100
The Internet header length field is the size of the header in words, where a word is always going to be

9
00:00:41,100 --> 00:00:42,390
32 bits.

10
00:00:43,250 --> 00:00:46,400
The total length is the entire packet size.

11
00:00:46,400 --> 00:00:48,590
In this case, it's in bytes.

12
00:00:48,620 --> 00:00:49,670
As you know.

13
00:00:49,670 --> 00:00:53,030
But to catch up to speed, one byte is eight bits.

14
00:00:53,940 --> 00:00:55,920
The minimum size is 20 bytes.

15
00:00:55,920 --> 00:01:03,270
So that's a header without data and the maximum is 65,535 bytes.

16
00:01:04,440 --> 00:01:08,790
The flag is used to determine the fragmentation options.

17
00:01:09,180 --> 00:01:14,220
Bit one is DF or don't fragment if it's set.

18
00:01:14,220 --> 00:01:21,570
And I mean by that if this bit is one and fragmentation is required to route the packet, then the packet

19
00:01:21,570 --> 00:01:22,620
is dropped.

20
00:01:22,770 --> 00:01:28,040
Bit two is MF or more fragment for fragmented packets.

21
00:01:28,050 --> 00:01:32,490
All fragments except the last have the MF flag set.

22
00:01:33,220 --> 00:01:35,620
Bit zero is reserved for the future.

23
00:01:37,090 --> 00:01:39,250
TTL or Time to Live

24
00:01:39,800 --> 00:01:42,080
is to limit the lifetime of a packet.

25
00:01:42,110 --> 00:01:43,340
It's a hop count.

26
00:01:43,340 --> 00:01:49,910
Basically, when the packet arrives at a router, the router decrements the TTL field by one.

27
00:01:51,220 --> 00:01:56,680
Protocol field is the protocol used in the data portion of the IP packet.

28
00:01:56,710 --> 00:02:00,820
So that's going to be TCP, UDP, ICMP.

29
00:02:02,050 --> 00:02:07,990
Source address and destination address fields are the most important fields of an IP header.

30
00:02:08,259 --> 00:02:14,590
These fields are the IPv4 address of the sender of the packet and the IPv4 address of the receiver of

31
00:02:14,590 --> 00:02:15,340
the packet.

32
00:02:16,110 --> 00:02:22,020
Please note that this address may be changed in transit by a network address translation device.

33
00:02:22,320 --> 00:02:23,970
We'll talk about that later.

34
00:02:24,850 --> 00:02:28,630
This is how an IPv4 packet is seen on Wireshark.

35
00:02:29,390 --> 00:02:32,060
So it's a DNS query response.

36
00:02:32,330 --> 00:02:35,750
The fields we mentioned are seen pretty clearly.

37
00:02:36,590 --> 00:02:37,670
Version is four.

38
00:02:39,240 --> 00:02:42,480
Header length is five words, which means no options

39
00:02:42,480 --> 00:02:43,000
field.

40
00:02:44,150 --> 00:02:46,310
Total length is 96 bytes.

41
00:02:47,370 --> 00:02:50,190
MF and DF flags are not set.

42
00:02:51,170 --> 00:02:55,670
And you can see the source and the destination addresses and all the rest.