The IP Datagram

I wanted to know and now you can too.

IP| ICMP| TCP| UDP| ARP| RARP
rfc 791 (IP), rfc 792 (ICMP), rfc 793 (TCP), rfc 768 (UDP), rfc 826 (ARP), rfc 903 (RARP)

0 . . 3 4 . . 7 8 . . . . . . 15 16 . 18 19 . . . 23 24 . . . . . . 31

ipv ihl tos total length

identification flags frag offs

ttl proto header checksum

source address

destination address

(options) (padding)

(data)

ip version (4 bits)
The ip protocol version. Currently 4 as of 1979 (rfc 791).
ip header length (4 bits)
Total header length in 32 bit words. Usually five (5) (since you hardly ever use options). Sort of silly because values of 0-4 cannot be used. Perhaps these could be used as some sort of biased value to extend the length of the header?

type of service (8 bits)
Describes how the packet should be handled in transit (speed vs. reliability vs. throughput). Bits arranged as follows:

0 1 2 3 4 5 6 7

precedence d t r reserved

bits 0-2:
(precedence) 000 - routine traffic
001 - priority
010 - immediate
011 - flash
100 - flash override
101 - critic/ecp
110 - internetwork control
111 - network control

bit 3: (d) normal(0)/low(1) delay

bit 4: (t) normal(0)/high(1) throughput

bit 5: (r) normal(0)/high(1) reliability

bits 6-7: reserved for future use

total packet length (16 bits)
Packet length in bytes up to 65535 (includes the bytes in the header). You won't probably won't see many packets this big because ethernet framing doesn't let you have anything more than 1500 and modem links are usually set much lower (about 296 perhaps?) for responsiveness. So larger poackets would always get fragemented and that's something to avoid. If possible.
identification (16 bits)
An identifying number to be used to reassemble fragmented packets.
fragmentation flags (3 bits)
Flags controlling whether a packet is fragmented and/or may be fragmented. Structured as follows:

0 1 2

reserved df lf

where the df bit (don't fragment) prevents packets from being fragmented if set, and the lf bit (last fragment) is set in the last packet in the sequence of fragments.
fragmentation offset (13 bits)
Measured in units of 8 octets (or bytes) is simply a sequence number for the bytes in this packet when reassembling. The first offset will be zero.
time to live (8 bits)
Maximum life of a packet. If this field is zero, the packet is destroyed. Usually decremented by one when passed from one hop to the next (unless bridging).
protocol (8 bits)
The protocol used in the data portion (see "assigned numbers" rfc 790 or 1010 or below).
header checksum (16 bits)
A sixteen bit checksum on the ip header only. The ttl field changes at each hop so this needs to be recomputed on each hop. "The checksum field is the 16 bit one's complement of the one's complement sum of all 16 bit words in the header. For purposes of computing the checksum, the value of the checksum field is zero." (At least, according to rfc 791). My interpretation: one's complement each sixteen bit word in the header, add all these quantities (drop carries) and then one's complement that sum.
source address &
destination address (32 bits each)
The ip addresses of the ultimate sending and receiving hosts of the packet. In network byte order (of course) which is just another way of saying big endian, but it's more politically correct.
options (variable, up to 40 bytes)
The first byte (if any options bytes are present) is the option type byte laid out as follows:

0 1 2 3 4 5 6 7

copy flag option class option number

If the copy flag is set, the option is copied into all fragments upon fragmentation. Option classes are: 0) control, 1) reserved, 2) debugging and measurement, and 3) reserved. A few option types are defined:

class number length description

0 0 - end of option list

0 1 - no operation

0 2 11 security

0 3 var. loose source routing

0 9 var. strict source routing

0 7 var. record route

0 8 4 stream id

2 4 var. internet timestamp

The next option byte (if required by the option type) is usually a length byte (in bytes, not 32 bit words).
padding (variable, fills out the 32 bit words)
I'm pretty sure this is ignored so it probably doesn't matter but just make it all zeroes anyway, okay? It just makes the header an even 32 bit length.

data (variable, up to 65535 - header bytes)
This is where all your data goes. Whatever ip can package (see the protocol field) goes here. Take your pick (from rfc 790 or 1010)...

protocol number protocol name rfcs listed

decimal octal hexadecimal keyword meaning 790 1010

0 000 00 (reserved) * *

1 001 01 ICMP internet control message protocol * *

2 002 02 IGMP Internet Gateway Management Protocol *

3 003 03 GGP Gateway-to-Gateway * *

4 004 04 (unassigned) CMCC (unassigned)

5 005 05 ST Stream * *

6 006 06 TCP Transmission Control Protocol * *

7 007 07 UCL UCL * *

8 010 08 EGP External Gateway Protocol *

9 011 09 IGP any private interior gateway SECURE IGP

10 012 0a BNN-RCC-MON BBN RCC Monitoring * *

11 013 0b NVP-II Network Voice Protocol NVP NVP-II

12 014 0c PUP PUP * *

13 015 0d ARGUS ARGUS PLURIBUS ARGUS

14 016 0e EMCON EMCON TELENET EMCON

15 017 0f XNET Cross Net Debugger * *

16 020 10 CHAOS Chaos * *

17 021 11 UDP User Datagram Protocol * *

18 022 12 MUX Multiplexing * *

19 023 13 DCN-MEAS DCN Measurement Subsystems DCN DCN-MEAS

20 024 14 HMP Host Monitoring TAC HMP

21 025 15 PRM Packet Radio Measurement *

22 026 16 XNS-IDP XEROX NS IDP *

23 027 17 TRUNK-1 Trunk-1 *

24 030 18 TRUNK-2 Trunk-2 *

25 031 19 LEAF-1 Leaf-1 *

26 032 1a LEAF-2 Leaf-2 *

27 033 1b RDP Reliable Data Prococol *

28 034 1c IRTP Internet Reliable Transaction *

29 035 1d ISO-TP4 ISO Transport Protocol Class 4 *

30 036 1e NETBLT Bulk Data Transfer Protocol *

31 037 1f MFE-NSP MFE Network Services Protocol *

32 040 20 MERIT-INP MERIT Internodal Protocol *

33 041 21 SEP Sequential Exchange Protocol *

34-60 042-074 22-3c (unassigned) * *

61 075 3d any host internal procotol *

62 076 3e CFTP CFTP *

63 077 3f any local network

64 100 40 SAT-EXPAK SATNET and backroom EXPAK * *

65 101 41 MIT-SUBNET MIT subnet support

66 102 42 RVD MIT Remote Virtual Disk Protocol *

67 103 43 IPPC Internet Pluribus Packet Core *

68 104 44 any distributed file system *

69 105 45 SAT-MON SATNET Monitoring * *

70 106 46 (unassigned) * *

71 107 47 IPCV Internet Packet Core Utility * *

72-75 110-113 48-4b (unassigned) * *

76 114 4c BR-SAT-MON Backroom SATNET Monitoring * *

77 115 4d (unassigned) * *

78 116 4e WB-MON WIDEBAND Monitoring * *

79 117 4f WB-EXPAK WIDEBAND EXPAK * *

80-254 120-376 50-fe (unassigned) * *

255 377 ff (reserved) * *

protocol number	protocol name	rfcs listed
decimal	octal	hexadecimal	keyword	meaning	790	1010
0	000	00		(reserved)	*	*
1	001	01	ICMP	internet control message protocol	*	*
2	002	02	IGMP	Internet Gateway Management Protocol		*
3	003	03	GGP	Gateway-to-Gateway	*	*
4	004	04		(unassigned)	CMCC	(unassigned)
5	005	05	ST	Stream	*	*
6	006	06	TCP	Transmission Control Protocol	*	*
7	007	07	UCL	UCL	*	*
8	010	08	EGP	External Gateway Protocol		*
9	011	09	IGP	any private interior gateway	SECURE	IGP
10	012	0a	BNN-RCC-MON	BBN RCC Monitoring	*	*
11	013	0b	NVP-II	Network Voice Protocol	NVP	NVP-II
12	014	0c	PUP	PUP	*	*
13	015	0d	ARGUS	ARGUS	PLURIBUS	ARGUS
14	016	0e	EMCON	EMCON	TELENET	EMCON
15	017	0f	XNET	Cross Net Debugger	*	*
16	020	10	CHAOS	Chaos	*	*
17	021	11	UDP	User Datagram Protocol	*	*
18	022	12	MUX	Multiplexing	*	*
19	023	13	DCN-MEAS	DCN Measurement Subsystems	DCN	DCN-MEAS
20	024	14	HMP	Host Monitoring	TAC	HMP
21	025	15	PRM	Packet Radio Measurement		*
22	026	16	XNS-IDP	XEROX NS IDP		*
23	027	17	TRUNK-1	Trunk-1		*
24	030	18	TRUNK-2	Trunk-2		*
25	031	19	LEAF-1	Leaf-1		*
26	032	1a	LEAF-2	Leaf-2		*
27	033	1b	RDP	Reliable Data Prococol		*
28	034	1c	IRTP	Internet Reliable Transaction		*
29	035	1d	ISO-TP4	ISO Transport Protocol Class 4		*
30	036	1e	NETBLT	Bulk Data Transfer Protocol		*
31	037	1f	MFE-NSP	MFE Network Services Protocol		*
32	040	20	MERIT-INP	MERIT Internodal Protocol		*
33	041	21	SEP	Sequential Exchange Protocol		*
34-60	042-074	22-3c		(unassigned)	*	*
61	075	3d		any host internal procotol		*
62	076	3e	CFTP	CFTP		*
63	077	3f		any local network
64	100	40	SAT-EXPAK	SATNET and backroom EXPAK	*	*
65	101	41	MIT-SUBNET	MIT subnet support
66	102	42	RVD	MIT Remote Virtual Disk Protocol		*
67	103	43	IPPC	Internet Pluribus Packet Core		*
68	104	44		any distributed file system		*
69	105	45	SAT-MON	SATNET Monitoring	*	*
70	106	46		(unassigned)	*	*
71	107	47	IPCV	Internet Packet Core Utility	*	*
72-75	110-113	48-4b		(unassigned)	*	*
76	114	4c	BR-SAT-MON	Backroom SATNET Monitoring	*	*
77	115	4d		(unassigned)	*	*
78	116	4e	WB-MON	WIDEBAND Monitoring	*	*
79	117	4f	WB-EXPAK	WIDEBAND EXPAK	*	*
80-254	120-376	50-fe		(unassigned)	*	*
255	377	ff		(reserved)	*	*

or try reading your local /etc/protocols file.

0	.	.	3	4	.	.	7	8	.	.	.	.	.	.	15	16	.	18	19	.	.	.	23	24	.	.	.	.	.	.	31
ipv				ihl				tos								total length
identification																flags			frag offs
ttl								proto								header checksum
source address
destination address
(options)																								(padding)
(data)

bits 0-2: (precedence)	000 - routine traffic 001 - priority 010 - immediate 011 - flash 100 - flash override 101 - critic/ecp 110 - internetwork control 111 - network control
bit 3: (d)	normal(0)/low(1) delay
bit 4: (t)	normal(0)/high(1) throughput
bit 5: (r)	normal(0)/high(1) reliability
bits 6-7:	reserved for future use

class	number	length	description
0	0	-	end of option list
0	1	-	no operation
0	2	11	security
0	3	var.	loose source routing
0	9	var.	strict source routing
0	7	var.	record route
0	8	4	stream id
2	4	var.	internet timestamp