The Internet Protocol and Packet Structure
The Internet Protocol (IP) is the network-layer protocol that provides logical addressing and routing across interconnected networks. While Ethernet handles delivery within a single LAN segment, IP enables end-to-end delivery across the entire internet by assigning each host a globally meaningful address and routing packets hop-by-hop through routers.
IPv4 Header
The IPv4 header is 20 bytes minimum (without options) and contains the following critical fields:
| Field | Size | Purpose |
|---|---|---|
| Version | 4 bits | Always 4 for IPv4 |
| IHL (Internet Header Length) | 4 bits | Header length in 32-bit words (min 5 = 20 bytes) |
| Total Length | 16 bits | Entire packet size (header + payload), max 65,535 bytes |
| TTL (Time to Live) | 8 bits | Decremented by 1 at each router; packet dropped when TTL reaches 0 — prevents infinite routing loops |
| Protocol | 8 bits | Identifies the transport layer (6 = TCP, 17 = UDP, 1 = ICMP) |
| Header Checksum | 16 bits | Error detection for the header only (not the payload) |
| Source IP | 32 bits | Sender's IP address |
| Destination IP | 32 bits | Receiver's IP address |
Additional fields include Identification, Flags (including the DF — Don't Fragment flag), and Fragment Offset, which are used for fragmentation.
Subnetting and CIDR
IP addresses are divided into a network prefix and a host identifier. CIDR (Classless Inter-Domain Routing) notation expresses this split: 192.168.1.0/24 means the first 24 bits are the network prefix, leaving 8 bits for hosts — that is 2^8 = 256 addresses (254 usable, since the first is the network address and the last is broadcast).
Common subnet sizes:
- /24 — 256 addresses (typical small LAN)
- /16 — 65,536 addresses (large campus)
- /8 — 16,777,216 addresses (very large organization)
Private Address Ranges
Three ranges are reserved for private networks (not routable on the public internet):
- 10.0.0.0/8 — 16.7 million addresses
- 172.16.0.0/12 — 1 million addresses (172.16.0.0 to 172.31.255.255)
- 192.168.0.0/16 — 65,536 addresses
These are used behind NAT (Network Address Translation), where a router maps many private addresses to one or a few public addresses. NAT conserves the limited IPv4 address space and provides a layer of security by hiding internal addresses.
IPv6
IPv6 was designed to solve IPv4 address exhaustion. Key differences:
- 128-bit addresses — 3.4 * 10^38 possible addresses (effectively unlimited)
- Simplified header — fixed 40 bytes, no header checksum (upper layers handle integrity), no options field (replaced by extension headers)
- No router fragmentation — only the source host may fragment; routers send "Packet Too Big" ICMPv6 messages instead (Path MTU Discovery)
- Mandatory features — IPsec support, multicast, neighbor discovery (replaces ARP)
An IPv6 address looks like 2001:0db8:85a3:0000:0000:8a2e:0370:7334, with consecutive zero groups abbreviated using ::.
Fragmentation
When an IPv4 packet is larger than the MTU of the next link, the router fragments it into smaller packets, each with its own IPv4 header. The Identification field ties fragments together; the Fragment Offset field positions each piece; the More Fragments (MF) flag indicates whether more pieces follow. Fragmentation is costly — it increases overhead, wastes bandwidth, and can cause retransmission of the entire original packet if any fragment is lost. Setting the DF (Don't Fragment) flag forces routers to drop oversized packets and send an ICMP "Fragmentation Needed" message, enabling Path MTU Discovery.
Routing: Longest Prefix Match
Routers maintain a routing table mapping destination prefixes to next-hop addresses. When a packet arrives, the router finds the entry whose prefix matches the most bits of the destination IP — this is the longest prefix match. For example, if the table contains both 10.0.0.0/8 and 10.1.0.0/16, a packet destined for 10.1.2.3 matches the /16 route because it is more specific.
Real-Life: How a Packet Crosses the Internet
When you browse example.com from your laptop at 192.168.1.100, the IP packet takes these steps:
1. Source creates the packet: Your laptop builds an IPv4 packet with source IP 192.168.1.100, destination IP 93.184.216.34 (example.com), TTL=64, protocol=6 (TCP).
2. NAT translation: Your home router replaces the source IP with its public IP (e.g., 73.45.22.100) and records the mapping in its NAT table. The packet now has source 73.45.22.100, destination 93.184.216.34.
3. Routing hop-by-hop: Each router along the path examines the destination IP, performs a longest prefix match against its routing table, decrements the TTL by 1, recalculates the header checksum, and forwards the packet to the next hop. If TTL reaches 0, the router drops the packet and sends an ICMP "Time Exceeded" message (this is how traceroute works).
4. Fragmentation (if needed): If a router encounters a link with MTU smaller than the packet, and the DF flag is not set, it fragments the packet. With DF set, it drops the packet and sends ICMP "Fragmentation Needed" so the source can reduce its packet size.
5. Destination receives: The server at 93.184.216.34 receives the packet, checks the header checksum, examines the protocol field (6 = TCP), and passes the payload up to the TCP layer.
Subnet example: A company has the block 10.0.0.0/8. They subdivide it: 10.1.0.0/16 for the engineering department, 10.2.0.0/16 for sales. Within engineering, 10.1.1.0/24 is floor 1, 10.1.2.0/24 is floor 2. A router at each boundary forwards packets based on longest prefix match.