In this section I am going to discuss the IPv4 and IPv6 headers as they relate to the 1.1.d section, explain IP operations. Then we will list out details you should know before proceeding to dive into them in later sub sections. I highly recommend memorizing these fields in the header and I have even made flash cards for you.
The IP header is 20 Bytes long (normally) and a max of 40 Bytes with options (rare), with various peices.
Version: 4 when using IPv4
Internet Header Length (IHL): Specified how big the header; 20 bytes no options; 40 bytes with options
TOS/Differentiated Services Code Point: DSCP, 8 bits (6 used) to apply QoS
Explicit Congestion Notification (ECN) carries two options for hosts and routers to alert of congestion. (a part of DSCP/TOS)
Total Length: Total size of this IP Packet (from IP header and up)
Identification: If fragmented, keeps track of IP packet fragmentation (1 identification number per whole packet; 4x fragments of 1 ip packet will have same ident. )
Flags: Where fragmentation options can be set (don’t fragment, more fragments)
Fragment Offset: Used for reassembly in buffer of fragmented packet
Time To Live: How many times this IP packet has been routed; Each router decrements this once. (They can choose not to). It is also useful for preventing routing loops within a network because if a router receives a packet with a TTL of 1, it will drop it and send an ICMP time exceeded message to the source.
Protocol: The IP protocol or the next protocol header (TCP, UDP, ICMP etc…)
Header Checksum: A checksum of the whole header for integrity (recalc. when NAT’d)
Source Address: Ipv4 address of Sender
Destination Address: Ipv4 Address of Receiver
The IPv6 header is a fixed 40 byte long header, extensions are optional but not a part of the actual header.
Version: This filed is always 6
Traffic Class: This is the same field as the DSCP filed in the IPv4 header, used for QoS (8 bits).
A sub type of this field is the explicitly congestion notification fields for notifying end hosts of congestion along the path.
Flow Label: Used to provide routers a hash of a packet flow such that they can guarantee packets wont be sent out of order (not actually used yet)
Payload length: Tells us the size this IPv6 packet (with IP header)
Next header: Tells us the first extension header, or if no extension headers, tells us the next protocol (TCP,UDP, etc)
Hop limit: Same as the TTL in an IPv4 packet, used to prevent routing loops.
Source address: Tells us the IPv6 source address of this packet
Destination address: Tells us us the IPv6 destination address of this packet
I looked around for many different sources, and even in the Official Cert Guide Books, but nothing really compares to the notes from the two blogs below.
This one is more of a comparison, but still serves well.