• A value that is calculated based on the contents of the IP header.
• Used to determine if any errors have been introduced during transmission.

• This 8-bit field replaces the IPv4 TTL field.
• This value is decremented by a value of 1 by each router that forwards the packet.

Threat actors position themselves between a source and destination to transparently monitor, capture, and control the communication. They could simply eavesdrop by inspecting captured packets or alter packets and forward them to their original destination.

This is used to perform network reconnaissance and scanning attacks.

Contains an 8-bit binary value that is used to limit the lifetime of a packet.

This 20-bit field suggests that all packets with the same (-----) receive the same type of handling by routers.

Threat actors faking the source IP address in an attempt to perform attacks.

This is used to lure a target host into sending all traffic through a compromised device and create a MiTM attack.

Rather than acknowledge one segment at a time, multiple segments can be acknowledged with a single acknowledgment segment.

As an IP packet moves through the internet, it might need to cross a route that cannot handle the size of the packet.

• This 8-bit field is equivalent to the IPv4 Protocol field.
• It indicates the data payload type that the packet is carrying, enabling the network layer to pass the data to the appropriate upper-layer protocol.

Threat actors gain access to the physical network, and then use an MiTM attack to gain control of a session.

This is used to inject bogus route entries into the routing table of a target host.

TCP incorporates acknowledgments to guarantee delivery, instead of relying on upper-layer protocols to detect and resolve errors. If a timely acknowledgment is not received, the sender retransmits the data. Requiring acknowledgments of received data can cause substantial delays.