(PPA) 2.2.1 - PacketHeaders

Practical Packet Analysis Online Course
Ethernet Version 2
0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26
Byte Offset 0 Byte Offset 1 Byte Offset 2 Byte Offset 3
Destination Address (48-bit)
Destination Address (cont...) Source Address (48-bit)
Source Address (cont…)
Type (16-bit) Data (Variable Length)
Data (Continued) (Variable Length)
Frame Check Sequence (32-bit)
0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26
Type IPv4 0x0800

ARP 0x0806
IPv6 0x86DD
27 28 29 30 31
Byte Offset 3
Byte Offset 7
ress (48-bit)
Byte Offset 11
Byte Offset 15
ble Length)
Byte Offset 19
27 28 29 30 31
IPv4 Header (RFC 791)
0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26
Version IP Hdr Length
Type of Service (8-bit) Total Length (16-bit) (in Byte Offsets)
(4-bit) (4-bit)
IP Identification Number (16-bit) R DF MF Fragment Offset (13-bit)
Time to Live (8-bit) Protocol (8-bit) Header Checksum (16-bit)
Source IP Address (32-bit)
Destination IP Address (32-bit)
IP Options (Variable - If Any)
Data (Variable Length)
0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26
IP Version Number Valid values are: 4 for IPv4 6 for IPv6
IP Header Length 4 Byte Multiplier Min Value 5 (20 bytes) Max Value 15 (60 bytes)
Total Length No Multiplier Max Length 65535
Flags R - Reserved D - Don't Fragment MF - More Fragments (1=Yes 0=No)
Fragment Offset 8 Byte Multiplier Max Size 65528
IP Protocol Dec Hex Proto Dec Hex Proto

1 0x01 ICMP 17 0x11 UDP
2 0x02 IGMP 47 0x2F GRE
6 0x06 TCP 50 0x32 ESP
9 0x09 IGRP 51 0x33 AH
27 28 29 30 31
Byte Offset 3
it) (in Byte Offsets)
Byte Offset 7
ment Offset (13-bit)

20 Bytes
Byte Offset 11
ksum (16-bit)
Byte Offset 15
Byte Offset 19
Byte Offset 23
Variable
27 28 29 30 31
IPv6 Header (RFC 2460)
0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26
Version (4-bit) Traffic Class (8-bit) Flow Label (20-bit)
Payload Length (16-bit) Next Header (8-bit) Hop Limit (8-bit)
Source IP Address (128-bit)
Source IP Address (cont.)
Destination IP Address (128-bit)
Destination IP Address (cont.)
Next Header (8-bit) Extension Header Information (Variable Length)
Extension Header Information (Variable Length)
0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26
IP Version Number Valid values are: 4 for IPv4 6 for IPv6
Payload Length No Multiplier
Next Header Dec Hex Proto Dec Hex Proto

1 0x01 ICMP 17 0x11 UDP
2 0x02 IGMP 47 0x2F GRE
6 0x06 TCP 50 0x32 ESP
9 0x09 IGRP 51 0x33 AH
27 28 29 30 31
Byte Offset 3
t)
Byte Offset 7
Hop Limit (8-bit)
Byte Offset 11
Byte Offset 15
Byte Offset 19
40 Bytes
Byte Offset 23
Byte Offset 27
Byte Offset 31
Byte Offset 35
Byte Offset 39
Byte Offset 43
Variable
Length)
27 28 29 30 31
ICMP Header (RFC 792)
0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26
Message Type (8-bit) Message Code (8-bit) Checksum (16-bit)
(Variable Contents Depending on Type and Code)
0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26
Common Types & Codes

T C
0 0 Echo reply
3 0 Destination Unreachable
0 Net Unreachable
1 Host Unreacheable
2 Protocol Unreachable
3 Port Unreachable
5 0 Redirect
8 0 Echo Request
11 0 Time Exceeded
0 Time to Live Exceeded in Transit
1 Fragment Reassembly Time Exceeded
13 0 Timestamp Request
14 0 Timestamp Reply
15 0 Information Request
16 0 Information Reply
17 0 Address Mask Request
18 0 Address Mask Reply
27 28 29 30 31
Byte Offset 3 4 Bytes Variable
m (16-bit)
Byte Offset 7
27 28 29 30 31
TCP Header (RFC 793)
0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26
Source Port Number (16-bit) Destination Port Number (16-bit)
Sequence Number (32-bit)
Acknowledgement Number (32-bit)
CWR
Hdr Length (4- Reserved

URG
ACK
ECE
PSH
SYN
RST
FIN
Window Size (16-bit)
bit) (4-bit)

Checksum (16-bit) Urgent Pointer (16-bit)
TCP Options (Variable - If Any)
0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26
Header Length 4 Byte Multiplier Min Value 5 (20 bytes) Max Value 15 (60 bytes)
TCP Flags
CWR - Congestion Window Reduced PSH - Push
ECE - Explicit Congestion Notification Echo RST - Reset
URG - Urgent SYN - Synchronize
ACK - Acknowledgement FIN - Finish
** Note: Per RFC 793, the CWR and ECE bits were originally part of the Reserved section starting in 0x12
Common TCP Options

0 End of Options List 2 Maximum Segment Size 4 Selective ACK OK
1 No Operation (Padding) 3 Window Scale 8 Timestamp
27 28 29 30 31
Byte Offset 3
Number (16-bit)
Byte Offset 7
20 Bytes
Byte Offset 11
Byte Offset 15
ize (16-bit)
Byte Offset 19
nter (16-bit)
Byte Offset 23
Variable
27 28 29 30 31
tarting in 0x12
UDP Header (RFC 768)
0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26
Source Port Number (16-bit) Destination Port Number (16-bit)
Length (16-bit) Checksum (16-bit)
0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26
Length No Multiplier Max Length 65515

27 28 29 30 31
Byte Offset 3 8 Bytes
Number (16-bit)
Byte Offset 7
m (16-bit)
Byte Offset 11
Var
27 28 29 30 31

(PPA) 2.2.1 - PacketHeaders

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

(PPA) 2.2.1 - PacketHeaders

Uploaded by

Copyright:

Available Formats

Practical Packet Analysis Online Course

Destination Address (48-bit)

Byte Offset 4 Byte Offset 5 Byte Offset 6 Byte Offset 7

Destination Address (cont...) Source Address (48-bit)

Byte Offset 8 Byte Offset 9 Byte Offset 10 Byte Offset 11

Source Address (cont…)

Byte Offset 12 Byte Offset 13 Byte Offset 14 Byte Offset 15

Type (16-bit) Data (Variable Length)

Byte Offset 16 Byte Offset 17 Byte Offset 18 Byte Offset 19

Data (Continued) (Variable Length)

Frame Check Sequence (32-bit)

Type IPv4 0x0800

IP Identification Number (16-bit) R DF MF Fragment Offset (13-bit)

Byte Offset 8 Byte Offset 9 Byte Offset 10 Byte Offset 11

Time to Live (8-bit) Protocol (8-bit) Header Checksum (16-bit)

Byte Offset 12 Byte Offset 13 Byte Offset 14 Byte Offset 15

Source IP Address (32-bit)

Byte Offset 16 Byte Offset 17 Byte Offset 18 Byte Offset 19

Destination IP Address (32-bit)

Byte Offset 20 Byte Offset 21 Byte Offset 22 Byte Offset 23

IP Options (Variable - If Any)

Data (Variable Length)

IP Version Number Valid values are: 4 for IPv4 6 for IPv6

Total Length No Multiplier Max Length 65535

Flags R - Reserved D - Don't Fragment MF - More Fragments (1=Yes 0=No)

Fragment Offset 8 Byte Multiplier Max Size 65528

IP Protocol Dec Hex Proto Dec Hex Proto

it) (in Byte Offsets)

ment Offset (13-bit)

IP Version Number Valid values are: 4 for IPv4 6 for IPv6

Payload Length No Multiplier

Next Header Dec Hex Proto Dec Hex Proto

Message Type (8-bit) Message Code (8-bit) Checksum (16-bit)

Byte Offset 4 Byte Offset 5 Byte Offset 6 Byte Offset 7

(Variable Contents Depending on Type and Code)

Common Types & Codes

Hdr Length (4- Reserved

Byte Offset 16 Byte Offset 17 Byte Offset 18 Byte Offset 19

Common TCP Options

Length No Multiplier Max Length 65515

You might also like