Bugger

Some questions about the IPv4 header

9 posts in this topic

I'm trying to build a TCP packet sender and I have some questions about building the IP header (I might sound abit nooby but bear with me):

1. Total Length

* Is it the length of the packet from the first bit to the last?

* Is it the length of the packet starting from the IP header to the end of the header? (I doubt this, or why would they have IHL?)

* Is it the length of the packet starting from the IP header to the end of the packet?

2. Identification

All I know that it's used to identify a packet from another (probably for fragments).

* How is it generated?

If a computer received a packet with (0x0001) Identification for example, what would happen if:

* Another packet is received from another source with the same Identification?

* Another packet is received from the same source with another Identification?

Thanks in advanced

0

Share this post


Link to post
Share on other sites

Total length is the length of the entire IP packet in bytes, including the IP header. So if the IP header is 20 bytes and it carries 40 bytes of data, Total Length should be 60.

How the fragmentation IDs are generated are completely dependent on what split the packet in the first place. If a packet with the same ID is received from the same IP, and the host is already trying to reassemble a fragmented packet from that IP, then it will assume it's part of the fragmented packet. If it's erroneous or malicious, there will probably be a fragment length overlap, the fragmentation will fail and it'll probably fire off some ICMP message. If a packet comes from another IP with the same ID, it'll just be ignored. The OS should only try to reassemble fragmented packets for matching source IP addresses and ID numbers, on the off chance that two packets were fragmented from different hosts, and both chose the same ID number. Since ID numbers were traditionally simple counters, this was probably a common thing early on in TCP/IP's life. Though that probably doesn't happen anymore, as ID numbers should be generated randomly.

0

Share this post


Link to post
Share on other sites

Hmmm... that explains alot... thanks alot Ohm... I might get back with more weirder weirder useless questions =D

0

Share this post


Link to post
Share on other sites

Alright, came up with few more questions, but this time, it's about TCP Header:

1) What is the window size? I don't really understand it... Is it randomly generated or there's some thing behind building it?

2) How options works? How can I let the option starts the handshaking process thingy?

Thanks in advanced again =D

0

Share this post


Link to post
Share on other sites

Not sure about options, but from what I remember of networking in high school, the tcp window size is how many packets to send before the receiver has to respond with an ack requesting the next expected packet. I'm sure a lot of this is covered on wikipedia somewhere, so you might want to double-check that window thing. Also, by options do you mean headed flags like SYN and FIN?

0

Share this post


Link to post
Share on other sites
Alright, came up with few more questions, but this time, it's about TCP Header:

1) What is the window size? I don't really understand it... Is it randomly generated or there's some thing behind building it?

The window size is the size of the data transmitted in the given segment. It isn't randomly generated, it's negotiated upon the three-way hanshake, and then (usually) dynamically changed to account for the reliability (or lack thereof) of the link.

2) How options works? How can I let the option starts the handshaking process thingy?

Thanks in advanced again =D

The options notify the communicating hosts of numerous session-specific options. One of them can be selective acknowledgement of received communication or the mentioned window scaling.

Edited by WhatChout
0

Share this post


Link to post
Share on other sites
The window size is the size of the data transmitted in the given segment. It isn't randomly generated, it's negotiated upon the three-way hanshake, and then (usually) dynamically changed to account for the reliability (or lack thereof) of the link.

I'm starting to get what you're saying here, but I'm wondering how is it generated? does it start randomly then dynamically changes or is there somekinda function that generates the window size according to some header data?

0

Share this post


Link to post
Share on other sites
The window size is the size of the data transmitted in the given segment. It isn't randomly generated, it's negotiated upon the three-way hanshake, and then (usually) dynamically changed to account for the reliability (or lack thereof) of the link.

I'm starting to get what you're saying here, but I'm wondering how is it generated? does it start randomly then dynamically changes or is there somekinda function that generates the window size according to some header data?

Depends on the implementation of the TCP/IP stack. For the Windows family (or at least 2000 and 2003 server) it is first set to 16K bytes and then it is rounded up to an even increment of the Maximum Segment Size, which is negotiated upon the beginning of the session.

0

Share this post


Link to post
Share on other sites

If you want to get some really good information on TCP/IP stack and how it all works there are quite a few good books out there. I would suggest "Internetworking with TCP/IP; Principles, Protocols and Architectures; 4th Ed." This is a great book though it will put you to sleep so ensure you have a lot of coffee in your before you attempt reading this until EOF.

Yes it is a large Text but it has a lot of information on it to help people out in the Networking world too :)

0

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now