Decoding an IP Header (1) - cyber

Decoding an IP Header (1)

4500 0034 c9e7 4000 3d06 178c d823 d9ba
ac10 00b7 0017 12f5 729a 2105 145c db4f
6018 16d0 a7cb 0000 0204 05b4 6c73 202d
6c61 0000

0x45 = Version 4, IHL 5
0x00 = ToS 0 (not set)

IP Version
Length: 4 bits
Offset: 0 bits
IP Header Length (IHL)
Length: 4 bits
Offset: 4 bits
Type of Service (ToS)
Length: 1 byte
Offset: 1 byte
Decoding an IP Header (2)

4500 0034 c9e7 4000 3d06 178c d823 d9ba
ac10 00b7 0017 12f5 729a 2105 145c db4f
6018 16d0 a7cb 0000 0204 05b4 6c73 202d
6c61 0000

0x0034 = Length 52 bytes
0xc9e7 = IPID 51687
0x3d = TTL 61

Total Packet Length
Length: 2 bytes
Offset: 2 bytes
IP Identification (IPID)
Length: 2 bytes
Offset: 4 bytes
Time to Live (TTL)
Length: 1 byte
Offset: 8 bytes
Decoding an IP Header (3)

4500 0034 c9e7 4000 3d06 178c d823 d9ba
ac10 00b7 0017 12f5 729a 2105 145c db4f
6018 16d0 a7cb 0000 0204 05b4 6c73 202d
6c61 0000

0x4000 = 0100 0000 0000 0000
Flags 010 (Don’t Fragment set)
Fragment Offset = 0’s (not set)
0x06 = Embedded Protocol 6 (TCP)

IP Header Flags
Length: 3 bits
Offset: 6 bytes
Fragment Offset
Length: 13 bits
Offset: 6 bytes + 3 bits
Embedded Protocol
Length: 1 byte
Offset: 9 bytes
Decoding an IP Header (4)

4500 0034 c9e7 4000 3d06 178c d823 d9ba
ac10 00b7 0017 12f5 729a 2105 145c db4f
6018 16d0 a7cb 0000 0204 05b4 6c73 202d
6c61 0000

0x178c = Checksum 62216
0xd8 0x23 0xd9 0xba = 216.35.217.186 (Source Address)
0xac 0x10 0x00 0xb7 = 172.16.0.183 (Destination Address)

Checksum
Length: 2 bytes
Offset: 10 bytes
Source Address
Length: 4 bytes
Offset: 12 bytes
Destination Address
Length: 4 bytes
Offset: 16 bytes
Decoding a TCP Header (1)

4500 0034 c9e7 4000 3d06 178c d823 d9ba
ac10 00b7 0017 12f5 729a 2105 145c db4f
6018 16d0 a7cb 0000 0204 05b4 6c73 202d
6c61 0000

0x0017 = Source Port 23
0x12f5 = Dest. Port 4853
0x729a2105 = Sequence number 1922703621

Source Port
Length: 2 bytes
Offset: 0 bytes
Destination Port
Length: 2 bytes
Offset: 2 bytes
Sequence Number
Length: 4 bytes
Offset: 4 bytes
Decoding a TCP Header (2)

4500 0034 c9e7 4000 3d06 178c d823 d9ba
ac10 00b7 0017 12f5 729a 2105 145c db4f
6018 16d0 a7cb 0000 0204 05b4 6c73 202d
6c61 0000

0x145cdb4f = ACK number 341629775
0x60 = 0110 0000
Header Len 0110 = 6
0x18 = 0001 1000
Flags = PSH, ACK
0xa7cb = Checksum 42955

ACK Number
Length: 4 bytes
Offset: 8 bytes
Header Length
Length: 4 bits
Offset: 12 bytes
TCP Flags
Length: 1 byte
Offset: 13 bytes
Checksum
Length: 2 bytes
Offset: 16 bytes
Decoding a TCP Header (3)

4500 0034 c9e7 4000 3d06 178c d823 d9ba
ac10 00b7 0017 12f5 729a 2105 145c db4f
6018 16d0 a7cb 0000 0204 05b4 6c73 202d
6c61 0000

0x16d0 = Window size 5840
0x0000 = Urgent Ptr 0 (not set)
0x020405b4 =
0x02 MSS set, 0x04 4 bytes
0x05b4 MSS is 1460 bytes

TCP Window Size
Length: 2 bytes
Offset: 14 bytes
Urgent Ptr
Length: 2 bytes
Offset: 18 bytes
TCP Options
Length: variable
Offset: 20 bytes
Data
Length: variable
Offset: variable
Decoding a TCP Header (4)

4500 0034 c9e7 4000 3d06 178c d823 d9ba
ac10 00b7 0017 12f5 729a 2105 145c db4f
6018 16d0 a7cb 0000 0204 05b4 6c73 202d
6c61 0000

(TCP Header Length - Min. TCP Header Length) = TCP Options Length
(6 * 4) - 20 = 4

IP Total Length - (IHL + TCP Header Length) = Payload Length
52 - ((5 * 4) + (6 * 4)) = 8

TCP Options
Length: 4 bytes
Offset: 20 bytes
0x020405b4 =
0x02 MSS set, 0x04 4 bytes
0x05b4 MSS is 1460 bytes
Payload
Length: 8 bytes
Offset: 24 bytes
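
The same walk-through as a small parser, added here as an example and not part of the original slides. It decodes the 52-byte packet at the offsets listed above and, beyond what the slides cover, checks each length field against the buffer before slicing. The names PACKET, decode and tcp_options are chosen for this example.

```python
import struct

# The 52-byte packet from the slides, with the dump rows reassembled in order.
PACKET = bytes.fromhex(
    "4500 0034 c9e7 4000 3d06 178c d823 d9ba"
    "ac10 00b7 0017 12f5 729a 2105 145c db4f"
    "6018 16d0 a7cb 0000 0204 05b4 6c73 202d"
    "6c61 0000")
TCP_FLAGS = ["FIN", "SYN", "RST", "PSH", "ACK", "URG"]  # bit 0 upward

def tcp_options(raw):
    """Walk kind/length/value options; reject lengths that leave the option area."""
    out, i = [], 0
    while i < len(raw) and raw[i] != 0:          # kind 0 = End of Option List
        if raw[i] == 1:                          # kind 1 = NOP, single byte
            i += 1
            continue
        if i + 1 >= len(raw) or raw[i + 1] < 2 or i + raw[i + 1] > len(raw):
            raise ValueError("malformed TCP option length")
        out.append((raw[i], raw[i + 2:i + raw[i + 1]]))
        i += raw[i + 1]
    return out

def decode(pkt):
    """Decode IPv4 + TCP headers, checking every length against the buffer."""
    if len(pkt) < 20:
        raise ValueError("shorter than a minimal IPv4 header")
    (ver_ihl, _tos, total_len, ipid, frag, ttl, proto, _ip_sum,
     src, dst) = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    ihl = (ver_ihl & 0x0F) * 4                   # IHL counts 32-bit words
    if ver_ihl >> 4 != 4 or ihl < 20 or not ihl <= total_len <= len(pkt):
        raise ValueError("bad version, IHL or total length")
    if proto != 6 or total_len - ihl < 20:
        raise ValueError("not TCP, or TCP header truncated")
    (sport, dport, seq, ack, off, flags, window, _tcp_sum,
     _urg) = struct.unpack("!HHIIBBHHH", pkt[ihl:ihl + 20])
    tcp_len = (off >> 4) * 4                     # header length, 32-bit words
    if tcp_len < 20 or ihl + tcp_len > total_len:
        raise ValueError("TCP header length outside packet")
    return {
        "src": ".".join(map(str, src)), "dst": ".".join(map(str, dst)),
        "ipid": ipid, "ttl": ttl, "window": window,
        "df": bool(frag & 0x4000), "frag_offset": frag & 0x1FFF,
        "sport": sport, "dport": dport, "seq": seq, "ack": ack,
        "flags": [n for i, n in enumerate(TCP_FLAGS) if flags >> i & 1],
        "options": tcp_options(pkt[ihl + 20:ihl + tcp_len]),
        "payload": pkt[ihl + tcp_len:total_len],
    }
```

decode(PACKET) returns the field values from the slides; a buffer shorter than its own Total Length, or an option whose length byte runs past the options area, raises ValueError.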