Internet Protocol version 4 (IP)

The Internet Protocol provides the network layer (layer 3) transport functionality in the InternetProtocolFamily.

This page describes IP version 4, which is widely used. There's also an IPv6 protocol page available.

The IP protocol is used to transfer packets from one IP-address to another. The user of this layer will give a packet and a remote IP address, and IP is responsible to transfer the packet to that host.

IP will (hopefully) guide the packet the right way to the remote host. The data transfer is independent of the underlying network hardware (e.g. ATM, Ethernet, or even a SerialLine). If the underlying hardware is not able to transfer the maximum length required (especially on SerialLine's or ATM), IP will split the data into several smaller IP fragments and reassemble it into a complete one at the receiving host.

When IP wants to send a packet on a LAN, it must first translate the IP-address given into the underlying hardware address (e.g. an Ethernet address). IP uses ARP for this translation, which is done dynamically. On a point-to-point line, this is obviously not necessary, as there's only one host to which a given machine can send a packet.

IP doesn't provide any mechanism to detect PacketLoss, DuplicatePackets and alike.

IP uses ICMP to transfer control messages to a remote host such as "Please don't send me more IP packets, I'm full". The famous ping tool also use ICMP.

The typical protocols on top of IP are TCP and UDP.

Version 4 of the IP protocol is widely used all over the world. As the available IP-address range is becoming short, version 6 with a much wider address range is becoming more and more popular these days.


The RFC791 "INTERNET PROTOCOL" was released in September 1981.

Protocol dependencies

Example traffic

XXX - Add example traffic here (as plain text or Wireshark screenshot).


IP dissector is fully functional. Wireshark provides some advanced features such as IP defragmentation.

Preference Settings

Example capture file

XXX - Add a simple example capture file. Keep it short, it's also a good idea to gzip it to make it even smaller, as Wireshark can open gzipped files automatically.

Display Filter

A complete list of IP display filter fields can be found in the display filter reference

Capture Filter


Internet_Protocol (last edited 2018-10-09 12:21:34 by AlexHammer)