Forum Replies

  1. Hi Hussein,

    The identification field is only used for fragmentation. When packets get fragmented, the fragments get the same identification field to identify which fragments belong to the same IP packet. It’s only used for identification, it doesn’t have anything to do with the number of files. Take a look at this capture:

    Wireshark capture fragmented ICMP traffic

    The fragment offset only refers to the position of the fragment in the original IP packet.


  2. Hi Romani,
    Welcome to the forums!

    The key to understand the necessity of Header Length is to realize that with IPv4 the size of the header is not fixed (like it is in IPv6). The size of the IPv4 header must be at least 20 bytes, but it can be bigger, too. What makes it bigger are the additions of “options.” To learn more about options go here

    Since the size of the IPv4 header is variable, the purpose of the Header Length is to specify just how big it actually is, but there are rules as to what sizes are allowed. As mentioned earlier, the minimum is 20 bytes, and the maximum is 60 bytes, but in-between those values, the size is only allowed to increase in increments of 4 bytes (since 8 bits = 1 byte, 32 bits = 4 bytes). So, for example, the possible sizes (in bytes) are 20, 24, 28, 32, … 60.

    The actual value of the “Header Length” field is a binary number that represents how many sets of 4 byte “blocks” there are (or how many sets of 32 bit “blocks” there are–its the same thing). Remember, we said a minimum value was 20 bytes? How many “4 byte blocks” are there in 20 bytes? 5, right? So 5 would be the minimum value for Header Length. In the case of the maximum header length, it would be 15.

    Finally, remember that actual value in the Header Length is a binary number–specifically with 4 bits. That means the largest possible value is “1 1 1 1” which in decimal = 15. This is also the limit of the maximum header size–60 bytes.

  3. Hello Ajay.

    The Header Length is a 4 bit field. That means that it can represent numbers from 0 to 15. The minimum number that the field can have however is 5. The resulting header length is calculated with the following formula:

    Length = Header Length * 32 bits

    If the value of the Header Length field is the minimum, that is 5, then:

    Length = 5 * 32 bits = 160 bits = 20 bytes

    If the value of the header length field is the maximum, that is 15, then:

    Length = 15 * 32 bits = 480 bits = 60 bytes

    The total length is the length of the whole packet. This is a 16 bit field, so it can have numbers between 0 and 65535. These numbers represent bytes directly. The minimum size you can have is 20 bytes and the maximum (theoretically) is 65535 bytes.

    Finally, concerning your question about fragmentation, the fragment offset indicates where the fragmentation took place in the frame. This is used to help reassemble fragmented frames. In essence, you are correct in your statement.

    The MF flag is also used to aid in reassembly of the fragmented frame. If set to 1, it indicates that additional fragments of the frame will follow. The DF flag indicates that the frame should NOT be fragmented. If the MTU is too small, the frame is just dropped.

    I hope this has been helpful!


  4. andrew says:

    The Total Length field represents the size in bytes. A 16 bit field has a maximum numeric (decimal) value of 65,535, but that value is just a number. The meaning of that number is “how large is this packet in BYTES.”

    If you receive a packet of 9000 and receiving MTU is less than that, you MUST have DF=0 otherwise the packet will be dropped. As you correctly point out, with DF=0, the packet will be fragmented, but that doesn’t mean it won’t be “without issue.” In this case a performance hit would be expected for two reasons:

    1. The act of fragmenting consumes resources and increases the amount of packets being sent between sender and receiver
    2. In your example, the highest possible MTU available is 2000. This results in a much smaller amount of data (less than 25%) being carried per packet as opposed to a 9000 MTU. All of these extra packets take both time and require overhead resources to process.

29 more replies! Ask a question or join the discussion by visiting our Community Forum