IPv4 is one of the core protocols used in standards-based internetworking on the Internet and other packet-switched networks. It is succeeded by IPv6.

# Packets

IP packets are between 20 and 2^16 bytes in size, comprised of a header and a payload.

• Version specifies the protocol version (always 4).
• IHL specifies the total length of the header section, or the offset to reach the data.
• DSCP specifies the type of service for packet classification, determining QoS.
• ECN optionally allows end-to-end notification of traffic congestion without dropping packets.
• Total Length defines the size of the entire packet, both header and data.
• Identification uniquely identifies a group of fragments in a single datagram.
• Flags specifies fragmentation control:
  • Bit 0: reserved; must be 0.
  • Bit 1 (DF): causes the packet to be dropped rather than fragmented if fragmentation is required for transmission.
  • Bit 2 (MF): indicates that additional fragments are to be transmitted; it is cleared for non-fragmented packets.
• Fragment Offset specifies the offset of the fragment relative to the first (0) fragment of the datagram.
• Time To Live determines how many routers can be traversed before giving up, to prevent loops.
• Protocol defines the protocol used in the data section of the datagram.
• Options is often unused, but allows setting options, provided the IHL value is large enough to accommodate it:
  • The Copied bit determines whether the options should be copied into all fragments of a fragmented packet.
  • Option Class sets a general category:
    • 0: "control".
    • 1: reserved.
    • 2: "debugging and measurement".
    • 3: reserved.
  • Option Number is a 5-bit number indicating the option.
  • Option Length is an 8-bit value indicating the length of the option value.
  • Option Data is a variable-length, option-specific value.
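
The field layout above, as an added example (not code from the original page): a Python parser that decodes the fixed header and each option's type octet, and rejects packets whose IHL, Total Length or reserved flag bit are inconsistent. The function names are illustrative and the sample packet is constructed.

```python
import struct
from ipaddress import IPv4Address

def parse_options(raw: bytes) -> list:
    """Split the type octet into Copied (1 bit), Class (2 bits), Number (5 bits)."""
    opts, i = [], 0
    while i < len(raw):
        t = raw[i]
        opt = {"copied": bool(t >> 7), "class": (t >> 5) & 0b11, "number": t & 0x1F}
        if t in (0, 1):            # End of Options List / No Operation: single octet
            length = 1
        else:                      # on the wire, Length counts type + length + data
            if i + 1 >= len(raw) or not 2 <= raw[i + 1] <= len(raw) - i:
                raise ValueError("option length runs past the header")
            length = raw[i + 1]
            opt["data"] = raw[i + 2:i + length]
        opts.append(opt)
        i += length
        if t == 0:
            break
    return opts

def parse_ipv4_header(packet: bytes) -> dict:
    """Decode the IPv4 header at the start of `packet`, rejecting inconsistent fields."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte minimum header")
    (ver_ihl, tos, total_len, ident, flags_frag,
     ttl, proto, _checksum, src, dst) = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    version, header_len = ver_ihl >> 4, (ver_ihl & 0x0F) * 4   # IHL counts 32-bit words
    if version != 4:
        raise ValueError(f"not IPv4 (version={version})")
    if header_len < 20 or header_len > len(packet):
        raise ValueError(f"bad IHL: header length {header_len}")
    if not header_len <= total_len <= len(packet):
        raise ValueError(f"bad Total Length {total_len}")
    flags = flags_frag >> 13                  # top 3 bits: reserved, DF, MF
    if flags & 0b100:
        raise ValueError("reserved flag bit is set")
    return {
        "header_len": header_len, "total_len": total_len,
        "dscp": tos >> 2, "ecn": tos & 0b11, "id": ident,
        "df": bool(flags & 0b010), "mf": bool(flags & 0b001),
        "frag_offset": (flags_frag & 0x1FFF) * 8,   # field is in 8-byte units
        "ttl": ttl, "protocol": proto,
        "src": str(IPv4Address(src)), "dst": str(IPv4Address(dst)),
        "options": parse_options(packet[20:header_len]),
    }

# Constructed sample: IHL=6, DF set, TTL 64, protocol 1, one option (type 0x94), 4-byte payload.
SAMPLE = bytes.fromhex("4600001c1c46400040010000c0a80140c0a80101" "94040000" "61626364")
```

The header checksum is unpacked but not verified here.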

# ARP

The Address Resolution Protocol is used for the discovery of the link layer address (layer 2; e.g. MAC address) for a given network layer (layer 3; IPv4) address. It works by broadcasting "who has" messages to connected hosts, which can then respond with "I have".

Because the protocol is stateless, all nodes on the network are responsible for maintaining their own cache of protocol address to MAC address mappings. On switches these are referred to as MAC Address Tables, and other hosts have an ARP Cache.

ARP packets comprise the following fields:

• Hardware Type specifies the type of the hardware address.
  • 0: Reserved
  • 1: Ethernet (10Mb)
  • 2: Experimental Ethernet
  • 20: Serial Line
  • 31: IPsec tunnel
  • 32: InfiniBand
  • 258-65534: Unassigned
  • 65535: Reserved
• Protocol Type specifies the internetwork protocol, using a number space shared with EtherType.
• Hardware Address Length specifies the length, in octets, of the hardware address.
• Protocol Address Length specifies the length, in octets, of the protocol address.
• Operation specifies the type of request/reply:
  • 0: Reserved
  • 1: REQUEST
  • 2: REPLY
  • 26-65534: Unassigned
  • 65535: Reserved
• Sender Hardware Address specifies the hardware address of the sender in a request (the hardware address of the requested host in the response).
• Target Hardware Address contains the hardware address of the intended receiver. Ignored during requests, indicates the address of the originating host of a request during a reply.
• Target Protocol Address contains the

# ICMP

ICMP is the protocol used by network devices, e.g. routers, for diagnostics and error reporting. It's rarely used directly by user-facing applications, with the notable exceptions of ping and traceroute.

IPv4 addresses are 32-bit numbers, usually represented as a string of 4 decimal numbers, each representing an 8-bit binary octet.

| IP address | Octet 1 | Octet 2 | Octet 3 | Octet 4 |
|---|---|---|---|---|
| 192.168.1.64 | 1100 0000 | 1010 1000 | 0000 0001 | 0100 0000 |
| 255.255.255.0 | 1111 1111 | 1111 1111 | 1111 1111 | 0000 0000 |

There are three types of IP addresses in each IP network:

• An address with all binary zeroes in its host portion is a network address.
• An address with all binary ones in its host portion is a broadcast address.
• Anything else is a host address.

## Classful

Classful addressing was used up until ~1995, and defined the first 3 octets of the address as the Network Portion, and the final octet as the Host Portion. It segmented the address space into a number of defined ranges:

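| Class | Usage | Routable on public internet? | Range start | Range end | Network Portion | Host Portion |
|---|---|---|---|---|---|---|
| A | Unicast | | 0.0.0.0 | 127.0.0.0 | Octet 1 | Octets 2-4 |
| B | Unicast | | 128.0.0.0 | 191.0.0.0 | Octets 1 and 2 | Octets 3 and 4 |
| C | Unicast | | 192.0.0.0 | 223.0.0.0 | Octets 1-3 | Octet 4 |
| D | Multicast | | 224.0.0.0 | 239.0.0.0 | Octets 1-4 | None |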

## Classless

In classless routing, the Host and Network Portions of the address are defined by the subnet mask.

| IP address | Subnet mask | Network portion | Host portion |
|---|---|---|---|
| 192.168.1.64 | 255.255.255.0 | 192.168.1 (1100 0000 1010 1000 0000 0001) | 64 (0100 0000) |

CIDR allows us to express the subnet mask as a prefix with the starting address of the network:

| IP address | Subnet mask | CIDR notation |
|---|---|---|
| 192.168.1.64 | 255.255.255.0 | 192.168.1.0/24 |

### VLSM

Variable-Length Subnet Mask is a type of subnet design which uses more than one length of subnet mask. Whilst more complex, it allows engineers to make more effective use of the available address space by saving on wasted address space caused by a fixed design.
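
A worked VLSM plan, as an added example that is not part of the original page: it sizes each subnet to its own host count, allocates largest first from a single block, and checks whether one fixed mask could have met the same requirements. The block, subnet names and host counts are constructed.

```python
from ipaddress import IPv4Network

def prefix_for_hosts(hosts: int) -> int:
    """Longest prefix that still leaves `hosts` usable addresses
    (each subnet loses two: its network and broadcast addresses)."""
    host_bits = max(2, (hosts + 1).bit_length())
    return 32 - host_bits

def vlsm_allocate(block: str, requirements: dict) -> dict:
    """Carve `block` into one subnet per requirement, largest first.

    Largest-first keeps every subnet aligned on its own size boundary,
    so no addresses are lost to padding between allocations.
    """
    network = IPv4Network(block)
    cursor = int(network.network_address)
    end = int(network.broadcast_address) + 1
    plan = {}
    for name, hosts in sorted(requirements.items(), key=lambda kv: -kv[1]):
        prefix = prefix_for_hosts(hosts)
        size = 1 << (32 - prefix)
        cursor = (cursor + size - 1) // size * size   # round up to a size boundary
        if prefix < network.prefixlen or cursor + size > end:
            raise ValueError(f"{block} cannot fit {name} ({hosts} hosts)")
        plan[name] = IPv4Network((cursor, prefix))
        cursor += size
    return plan

def fixed_length_fits(block: str, requirements: dict) -> bool:
    """Would a single mask, sized for the largest requirement, fit every subnet?"""
    network = IPv4Network(block)
    prefix = prefix_for_hosts(max(requirements.values()))
    if prefix < network.prefixlen:
        return False
    return len(requirements) <= 1 << (prefix - network.prefixlen)

# Constructed requirements: usable hosts needed per subnet.
REQUIREMENTS = {"office": 100, "lab": 50, "dmz": 10, "wan-link": 2}

if __name__ == "__main__":
    for name, subnet in vlsm_allocate("192.168.1.0/24", REQUIREMENTS).items():
        print(f"{name:9} {subnet}  ({subnet.num_addresses - 2} usable)")
    print("fixed-length design fits:", fixed_length_fits("192.168.1.0/24", REQUIREMENTS))
```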

## NAT

Network Address Translation lets us segregate private networks from the public Internet and allows routers to translate and route packets between devices on either side.

| Block | Classful equivalent | Range |
|---|---|---|
| 24-bit block | Single class A network | 10.0.0.0/8 |
| 20-bit block | 16 contiguous class B networks | 172.16.0.0/12 |
| 16-bit block | 256 contiguous class C networks | 192.168.0.0/16 |

CGNAT, also known as large-scale NAT, is an approach to IPv4 network design in which end sites are configured with private network addresses that are translated to public IPv4 addresses by middlebox NAT devices in the operator's network. It allows for reuse of the limited IPv4 address space, extending the lifespan of IPv4.

## APIPA

APIPA is a "helpful" Windows feature designed to automatically assign IP addresses to nodes in the absence of a functioning DHCP server. It provisions addresses in the network 169.254.0.0/16. The presence of an address in this range on a NIC configuration is usually indicative of a connectivity issue.

# Routing

IP routing allows packets to traverse network boundaries. The route that a packet follows is determined by the routing table on each host or gateway (router). The default gateway on each host or gateway is a catch-all for things not matching specific rules in the routing table.

At each hop, the router:

• Extracts the message from the frame
• Looks at its routing table for a matching route
• When found, creates a new frame with that
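
The routing-table lookup described above, as an added example (not code from the original page): the most specific matching route wins, the default gateway catches everything else, and the TTL is decremented at each hop. The table, addresses and function names are constructed for illustration.

```python
from ipaddress import IPv4Address, IPv4Network

# Constructed routing table: (destination, next hop or None if on-link, interface).
ROUTES = [
    ("0.0.0.0/0",      "203.0.113.1",   "eth0"),  # default gateway: the catch-all
    ("192.168.1.0/24", None,            "eth1"),  # directly connected network
    ("10.0.0.0/8",     "192.168.1.254", "eth1"),
    ("10.20.0.0/16",   "192.168.1.253", "eth1"),
]

def lookup(table, destination: str) -> dict:
    """Return the matching route with the longest prefix (most specific wins)."""
    dest = IPv4Address(destination)
    best = None
    for cidr, next_hop, iface in table:
        net = IPv4Network(cidr)
        if dest in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, next_hop, iface)
    if best is None:
        raise LookupError(f"no route to {destination}")   # table has no default route
    net, next_hop, iface = best
    # On-link destinations are delivered directly, so the next hop is the host itself.
    return {"route": str(net), "next_hop": next_hop or destination, "interface": iface}

def forward(table, destination: str, ttl: int) -> dict:
    """One hop: decrement the TTL, drop if it expires, else pick the outgoing route."""
    if ttl <= 1:
        return {"action": "drop", "reason": "TTL expired"}
    return {"action": "forward", "ttl": ttl - 1, **lookup(table, destination)}

if __name__ == "__main__":
    for dst in ("10.20.30.40", "10.9.9.9", "192.168.1.64", "198.51.100.7"):
        print(dst, "->", forward(ROUTES, dst, ttl=64))
```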

## Dynamic routing

Dynamic (or adaptive) routing allows a set of routers to adjust their routing rules to allow for optimal performance and availability, responding in real time to changes to the network's logical layout.

Dynamic routing protocols can be grouped into two broad categories based on the data transferred between neighbouring routers:

• Distance vector protocols exchange vectors of all known networks and the transmitter's relative distance from them.
• Link state protocols have routers describe themselves and their interfaces to their neighbours. Routers relay all of these messages to neighbouring routers to give a complete picture of the network to all routers.

| Protocol | Type | Notes |
|---|---|---|
| RIP | Distance vector | old and unused |
| EIGRP | Distance vector | |
| BGP | Hybrid | exterior gateway protocol based on autonomous systems |

## Tracing

traceroute (or tracert on Windows) allows tracing the gateway traversals packets make between our host and a destination.

# Transmission modes

## Unicast

Unicast transmissions take place between exactly one transmitter and exactly one receiver, sent directly to the receiver's IP address.