Specifies the length of the IP packet including the IP header and the user data.
Total length
This 8-bit field is equivalent to the IPv4 Differentiated Services (DS) field.
Traffic Class
Threat actors attempt to prevent legitimate users from accessing information or services.
Denial-of-Service (DoS) attacks
This is used to perform host verification and DoS attacks.
ICMP echo request and echo reply
Header checksum
Hop Limit
Threat actors position themselves between a source and destination to transparently monitor, capture, and control the communication. They could simply eavesdrop by inspecting captured packets or alter packets and forward them to their original destination.
Man-in-the-middle attack (MiTM)
This is used to perform network reconnaissance and scanning attacks.
ICMP unreachable
Contains an 8-bit binary value that is used to limit the lifetime of a packet.
Time-to-Live (TTL)
This 20-bit field suggests that all packets with the same (-----) receive the same type of handling by routers.
Flow Label
Threat actors fake the source IP address in an attempt to perform attacks.
Address spoofing attacks
This is used to lure a target host into sending all traffic through a compromised device and create a MiTM attack.
ICMP redirects
Rather than acknowledge one segment at a time, multiple segments can be acknowledged with a single acknowledgment segment.
Flow control
As an IP packet moves through the internet, it might need to cross a route that cannot handle the size of the packet.
Identification, Flag, and Fragment offset
Next Header
Threat actors gain access to the physical network, and then use an MiTM attack to gain control of a session.
Session hijacking
This is used to inject bogus route entries into the routing table of a target host.
ICMP router discovery
TCP incorporates acknowledgments to guarantee delivery, instead of relying on upper-layer protocols to detect and resolve errors. If a timely acknowledgment is not received, the sender retransmits the data. Requiring acknowledgments of received data can cause substantial delays.
Reliable delivery
Formerly called the Type of Service (ToS) field, the (--) field is an 8-bit field used to determine the priority of each packet.
Differentiated Services or DiffServ (DS)
Threat actors use echo packets (pings) to discover subnets and hosts on a protected network, to generate DoS flood attacks, and to alter host routing tables.
ICMP attacks
This is used to map an internal IP network.
ICMP mask reply
Occurs during the TCP three-way handshake. Before data can be transferred using TCP, a three-way handshake opens the TCP connection. If both sides agree to the TCP connection, data can be sent and received by both parties using TCP.
Stateful communication