This wiki has been migrated to https://gitlab.com/wireshark/wireshark/-/wikis/home and is now deprecated. Please use that site instead.
Differences between revisions 3 and 4
Revision 3 as of 2004-09-14 12:45:06
Size: 3464
Editor: UlfLamping
Comment: move IP content from family page to IP page
Revision 4 as of 2004-09-14 14:25:17
Size: 3525
Editor: UlfLamping
Comment:
Line 8: Line 8:
IP will (hopefully) guide the packet the right way to the remote host. The data transfer is independant of the underlying network hardware (e.g. ["ATM"], ["Ethernet"], or even a SerialLine). If the underlying hardware is not able to transfer the maximum length required (especially on SerialLine's or ATM), IP will split the data into several smaller IP fragments and reassemble it into a complete one at the receiving side. IP will (hopefully) guide the packet the right way to the remote host. The data transfer is independant of the underlying network hardware (e.g. ["ATM"], ["Ethernet"], or even a SerialLine). If the underlying hardware is not able to transfer the maximum length required (especially on SerialLine's or ["ATM"]), IP will split the data into several smaller IP fragments and reassemble it into a complete one at the receiving host.
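Review bot: the revised sentence still carries the misspelling "independant" and the possessive "SerialLine's" from revision 3. Since the line is being edited anyway, correct them to "independent" and "SerialLines" in the same revision.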
Line 12: Line 12:
IP doesn't provide any mechanism to detect duplicated packets, loss of packets and alike. IP doesn't provide any mechanism to detect PacketLoss, DuplicatePackets and alike.
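Review bot: in the revised sentence, the link names PacketLoss and DuplicatePackets replace the plain wording, so the sentence now reads as a list of page identifiers, and "and alike" should be "and the like". Consider keeping the readable phrasing, for example "packet loss (PacketLoss), duplicated packets (DuplicatePackets) and the like".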
Line 16: Line 16:
The typical protocols on top of IP are TCP and UDP. The typical protocols on top of IP are ["TCP"] and ["UDP"].
Line 22: Line 22:
XXX - add a brief description of IP history The [http://www.ietf.org/rfc/rfc791.txt RFC791] "INTERNET PROTOCOL" was released in September 1981.

Internet Protocol (IP)

The Internet Protocol provides the network layer (layer 3) transport functionality in the InternetProtocolFamily.

The IP protocol is used to transfer packets from one host to another. The user of this layer hands over a packet and a remote IP address, and IP is responsible for transferring the packet to that host.

IP will (hopefully) guide the packet the right way to the remote host. The data transfer is independent of the underlying network hardware (e.g. ["ATM"], ["Ethernet"], or even a SerialLine). If the underlying hardware is not able to transfer the maximum length required (especially on a SerialLine or ["ATM"]), IP will split the data into several smaller IP fragments and reassemble them into a complete packet at the receiving host.

When IP wants to send a packet, it must first translate the IP address given into the underlying hardware address (e.g. an ["Ethernet"] address). IP uses ["ARP"] for this translation, which is done dynamically.

IP doesn't provide any mechanism to detect PacketLoss, DuplicatePackets and the like.

IP uses ["ICMP"] to transfer control messages to a remote host, like: "Please don't send me more IP packets, I'm full". The famous ping tool also uses ["ICMP"].

The typical protocols on top of IP are ["TCP"] and ["UDP"].

Version 4 of the IP protocol is widely used all over the world. As the available IP address range is running short, version 6 with a much wider address range is becoming more and more common these days.

History

The [http://www.ietf.org/rfc/rfc791.txt RFC791] "INTERNET PROTOCOL" was released in September 1981.

Protocol dependencies

  • ["Ethernet"]: IP can use ["Ethernet"] and many other protocols. The well-known Ethernet type for IP is 0x800.
  • ["ICMP"]: IP uses ["ICMP"] for control messages between hosts.

Example traffic

XXX - Add example traffic here (as plain text or Ethereal screenshot).

Ethereal

The IP dissector is fully functional. Ethereal provides some advanced features such as IP defragmentation.

Preference Settings

(XXX add links to preference settings affecting how IP is dissected).

Example capture file

XXX - Add a simple example capture file. Keep it short, it's also a good idea to gzip it to make it even smaller, as Ethereal can open gzipped files automatically.

Display Filter

A complete list of IP display filter fields can be found in the [http://www.ethereal.com/docs/dfref/i/ip.html display filter reference].

  • Show only the IP based traffic (beware: you won't see any ARP packets, if you use this filter!):

     ip 

  • Show only the IP based traffic to or from host 192.168.0.10:

     ip.addr==192.168.0.10 

  • Show only the IP based traffic not to or from host 192.168.0.10 (beware: this is not identical to ip.addr!=192.168.0.10):

     !(ip.addr==192.168.0.10) 
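
Why the last two filters differ, as an added example that is not part of the original wiki page: it models ip.addr as a field holding both the source and the destination address, where a comparison is true if any value satisfies it, which is the behaviour the warning above describes. The packet list and function names are constructed for illustration.

```python
# Added example: models the multi-valued field semantics behind the
# "not identical to ip.addr!=192.168.0.10" warning. Not Ethereal code.
from ipaddress import ip_address

HOST = ip_address("192.168.0.10")

# Constructed sample packets as (src, dst); None marks a non-IP frame (e.g. ARP).
PACKETS = [
    ("192.168.0.10", "10.0.0.1"),   # 0: from the host
    ("10.0.0.1", "192.168.0.10"),   # 1: to the host
    ("10.0.0.1", "10.0.0.2"),       # 2: unrelated IP traffic
    None,                           # 3: ARP frame, carries no ip.addr at all
]

def ip_addr_values(pkt):
    """Every value ip.addr takes in a packet: source and destination, or none."""
    return [] if pkt is None else [ip_address(a) for a in pkt]

def addr_eq(pkt, host):
    """ip.addr==host : true if ANY address in the packet equals host."""
    return any(v == host for v in ip_addr_values(pkt))

def addr_ne(pkt, host):
    """ip.addr!=host : true if ANY address in the packet differs from host."""
    return any(v != host for v in ip_addr_values(pkt))

def not_addr_eq(pkt, host):
    """!(ip.addr==host) : true if NO address in the packet equals host."""
    return not addr_eq(pkt, host)

def matches(filter_fn, packets=PACKETS, host=HOST):
    """Indexes of the packets a filter would display."""
    return [i for i, p in enumerate(packets) if filter_fn(p, host)]

if __name__ == "__main__":
    print("ip.addr==host    ->", matches(addr_eq))
    print("ip.addr!=host    ->", matches(addr_ne))
    print("!(ip.addr==host) ->", matches(not_addr_eq))
```

In this model ip.addr!=192.168.0.10 still displays the host's own traffic, because the peer address always differs from it, while !(ip.addr==192.168.0.10) hides that traffic and also lets non-IP frames such as ARP through.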

Capture Filter

  • Capture only the IP based traffic to or from host 192.168.0.10:

     host 192.168.0.10 

Discussion

Internet_Protocol (last edited 2018-10-09 12:21:34 by AlexHammer)