1
00:00:00,580 --> 00:00:06,940
So looking at an IP packet consisting of a header section and a data section.

2
00:00:07,930 --> 00:00:16,990
We'll see that the IPv4 packet header consists of 14 fields and only the options field is, well, optional.

3
00:00:17,590 --> 00:00:23,590
Now I'm not going to talk about each field one by one, but I'll give you a few short explanations of

4
00:00:23,590 --> 00:00:24,790
some of the more pertinent ones.

5
00:00:26,230 --> 00:00:28,870
The version field is always equal to four.

6
00:00:29,130 --> 00:00:31,060
Why? IPv4.

7
00:00:33,260 --> 00:00:40,970
The Internet Header Length (IHL) field is the size of the header in words, where a word is always going to

8
00:00:40,970 --> 00:00:42,170
be 32 bits.

9
00:00:43,460 --> 00:00:50,450
The total length is the entire packet size. In this case, it's in bytes. As you know, but to get

10
00:00:50,450 --> 00:00:52,850
you up to speed, one byte is 8 bits.

11
00:00:54,120 --> 00:01:03,090
The minimum size is 20 bytes, so that's a header without data, and the maximum is 65,535 bytes.

12
00:01:04,650 --> 00:01:08,580
The flag is used to determine the fragmentation options.

13
00:01:09,450 --> 00:01:14,070
Bit one is the DF, don't fragment. If it's set,

14
00:01:14,370 --> 00:01:21,240
and I mean by that, if this bit is one and fragmentation is required to route the packet, then the

15
00:01:21,240 --> 00:01:22,400
packet is dropped.

16
00:01:23,040 --> 00:01:25,980
Bit two is MF, or more fragments.

17
00:01:26,900 --> 00:01:32,330
For fragmented packets, all fragments except the last have the MF flag set.

18
00:01:33,250 --> 00:01:35,530
Bit zero is reserved for the future.

19
00:01:37,250 --> 00:01:39,080
TTL, or time to live,

20
00:01:39,980 --> 00:01:42,080
is to limit the lifetime of a packet.

21
00:01:42,320 --> 00:01:48,620
It's a hop count, basically. When the packet arrives at a router, the router decrements the TTL

22
00:01:48,620 --> 00:01:49,760
field by one.

23
00:01:51,430 --> 00:01:56,470
The protocol field is the protocol used in the data portion of the IP packet.

24
00:01:56,930 --> 00:02:01,120
So that's going to be TCP, UDP, ICMP.

25
00:02:02,300 --> 00:02:07,790
Source address and destination address fields are the most important fields of an IP header.

26
00:02:08,570 --> 00:02:14,660
These fields are the IPv4 address of the sender of the packet and the IPv4 address of the receiver of

27
00:02:14,660 --> 00:02:15,140
the packet.

28
00:02:16,240 --> 00:02:21,820
Please note that this address may be changed in transit by a network address translation device.

29
00:02:22,570 --> 00:02:23,800
We'll talk about that later.

30
00:02:25,080 --> 00:02:28,500
This is how an IPv4 packet is seen on Wireshark.

31
00:02:29,610 --> 00:02:31,800
So it's a DNS query response.

32
00:02:32,670 --> 00:02:35,580
The fields we mentioned are seen pretty clearly.

33
00:02:36,660 --> 00:02:37,530
Version is four.

34
00:02:39,310 --> 00:02:42,880
Header length is five words, which means no options field.

35
00:02:44,220 --> 00:02:46,080
Total length is 96 bytes.

36
00:02:47,320 --> 00:02:50,050
MF and DF flags are not set.

37
00:02:51,300 --> 00:02:55,440
And you can see the source and the destination addresses and all the rest.