This wiki has been migrated to and is now deprecated. Please use that site instead.
Differences between revisions 10 and 12 (spanning 2 versions)
Revision 10 as of 2004-11-29 00:31:34
Size: 3812
Editor: GuyHarris
Comment: "IP based" -> "IP-based", tweak punctuation and wording.
Revision 12 as of 2005-06-01 23:39:52
Size: 4154
Editor: UlfLamping
Comment: add RFC's for "Differentiated Services" (replaces Type of Service field?)
Deletions are marked like this. Additions are marked like this.
Line 2: Line 2:
= Internet Protocol (IP) = = Internet Protocol version 4 (IP) =
Line 5: Line 5:

This page describes IP version 4, which is widely used. There's also an ["IPv6"] protocol page available.
Line 67: Line 69:
 * [ RFC894] "Transmission of IP Datagrams over Ethernet Networks"
 * [ RFC950] "Internet Standard Subnetting Procedure"
 * [ RFC1112] "Host Extensions for IP Multicasting"
 * [ RFC1812] "Requirements for IP Version 4 Routers"
 * [ RFC894] ''Transmission of IP Datagrams over Ethernet Networks''
 * [ RFC950] ''Internet Standard Subnetting Procedure''
 * [ RFC1112] ''Host Extensions for IP Multicasting''
 * [ RFC1812] ''Requirements for IP Version 4 Routers''

 === Differentiated Services (replaces Type of Service) ===
 * [ RFC2474] ''Definition of the Differentiated Services Field (DS Field) in the IPv4 and IPv6 Headers''
 * [ RFC2475] ''An Architecture for Differentiated Services''
Line 74: Line 80:

Add more stuff about IPv6 here, or have separate IPv4 and IPv6 pages? -''Guy Harris''

Internet Protocol version 4 (IP)

The Internet Protocol provides the network layer (layer 3) transport functionality in the InternetProtocolFamily.

This page describes IP version 4, which is widely used. There's also an ["IPv6"] protocol page available.

The IP protocol is used to transfer packets from one ["IP-address"] to another. The user of this layer will give a packet and a remote IP address, and IP is responsible to transfer the packet to that host.

IP will (hopefully) guide the packet the right way to the remote host. The data transfer is independant of the underlying network hardware (e.g. ["ATM"], ["Ethernet"], or even a SerialLine). If the underlying hardware is not able to transfer the maximum length required (especially on SerialLine's or ["ATM"]), IP will split the data into several smaller IP fragments and reassemble it into a complete one at the receiving host.

When IP wants to send a packet on a LAN, it must first translate the ["IP-address"] given into the underlying hardware address (e.g. an ["Ethernet"] address). IP uses ["ARP"] for this translation, which is done dynamically. On a point-to-point line, this is obviously not necessary, as there's only one host to which a given machine can send a packet.

IP doesn't provide any mechanism to detect PacketLoss, DuplicatePackets and alike.

IP uses ["ICMP"] to transfer control messages to a remote host, like: "Please don't send me more IP packets, I'm full". The famous ping tool also use ["ICMP"].

The typical protocols on top of IP are ["TCP"] and ["UDP"].

Version 4 of the IP protocol is widely used all over the world. As the available ["IP-address"] range is becoming short, version 6 with a much wider address range is becoming more and more popular these days.


The [ RFC791] "INTERNET PROTOCOL" was released in September 1981.

Protocol dependencies

  • ["Ethernet"]: IP can use ["Ethernet"] and many other protocols. The assigned Ethernet type for IP is 0x800.
  • ["ICMP"]: IP uses ["ICMP"] for control messages between hosts.

Example traffic

XXX - Add example traffic here (as plain text or Ethereal screenshot).


IP dissector is fully functional. Ethereal provides some advanced features such as IP defragmentation.

Preference Settings

(XXX add links to preference settings affecting how IP is dissected).

Example capture file

XXX - Add a simple example capture file. Keep it short, it's also a good idea to gzip it to make it even smaller, as Ethereal can open gzipped files automatically.

Display Filter

A complete list of IP display filter fields can be found in the [ display filter reference]

  • Show only IP-based traffic (beware: you won't see any ARP packets if you use this filter!):


    Show only the IP-based traffic to or from host


    Show only the IP based traffic not to or from host (beware: this is not identical to ip.addr!=


Capture Filter

  • Capture IP based traffic only:


    Capture only the IP based traffic to or from host



Internet_Protocol (last edited 2018-10-09 12:21:34 by AlexHammer)