
Internet Layer of TCP/IP Protocol

(Adapted from Lecture notes for FDU students by Professor Nikolai Bezroukov)





IP Datagram Header

IP Address Types

Receiving packets


The Internet Protocol (IP) is implemented in the kernel of most operating systems, such as Solaris and Windows. It is documented in RFC 791. The Internet layer attempts to ensure that messages reach their destination system using the most efficient route. The Internet layer includes the Internet Protocol (IP) and the Internet Control Message Protocol (ICMP).

Using a routing table, the Internet layer determines the next directly accessible node en route to the packet's destination. This node is either the destination itself or the most immediate gateway to the destination. In essence, the Internet layer is responsible for end-to-end (source to destination) packet delivery, whereas the data link layer is responsible for node-to-node (hop to hop) packet delivery.

IP is responsible for fragmenting and routing data, while ICMP assists routing and performs error detection and other network management tasks.

Internet Protocol (IP)

IP encapsulates data into IP datagrams, which in turn are encapsulated inside Network Interface layer frames.

IP datagrams are the basic units of information that are passed across a Transmission Control Protocol/Internet Protocol (TCP/IP) network. The datagram header contains information, such as the source IP address and the destination IP address. The header also contains information about which protocol will receive data from IP. These protocols are the User Datagram Protocol (UDP), the Transmission Control Protocol (TCP), and ICMP.

IP implements two basic functions: addressing (routing) of packets and fragmentation of packets.

The IP layer treats each internet datagram as an independent entity unrelated to any other internet datagram. There are no concepts of connections or logical circuits (virtual or otherwise) on this layer. It uses four fields in the IP header to perform its functions: Type of Service, Time to Live, Options, and Header Checksum. The time-to-live (TTL) field determines how many routers or hosts can process a datagram before the datagram must be discarded.

Application data must fit in the data portion of the Ethernet frame (or the frame of another Network Interface layer protocol), whose size is defined by the MTU. If a packet is larger, it should be fragmented at the router. On Solaris, the MTU of a network interface can be seen by running the command ifconfig -a as root.


ICMP is a companion protocol to IP. It enables systems to send control or error messages to other systems. Essentially, ICMP is a communication protocol between the IP implementations on two connected systems.

Message types that are sent include:

Additional details of ICMP protocol are provided on a separate page.

IP Datagram Header

An IP datagram is structured as shown below:

Version | IHL | TOS | Total Length
Identification | Flags | Fragment Offset
TTL | Protocol | Header Checksum
Source IP Address
Destination IP Address
Options | Padding

Payload (TCP/UDP/ICMP etc.)

The IPv4 datagram header fields.

Refer to RFC 791 for detailed information about the header fields.
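
The header layout above, decoded field by field with the length and checksum checks a receiver or packet analyzer would apply. This is an added example, not code from the original lecture notes; the sample datagram, its addresses (192.0.2.1 and 192.0.2.2) and the function names are constructed for illustration.

```python
import ipaddress
import struct

PROTOCOLS = {1: "ICMP", 2: "IGMP", 6: "TCP", 17: "UDP"}

def checksum16(data: bytes) -> int:
    """One's complement of the one's-complement sum of 16-bit words (RFC 791)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:                      # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def parse_ipv4_header(packet: bytes) -> dict:
    if len(packet) < 20:
        raise ValueError("shorter than the minimum 20-byte header")
    (ver_ihl, tos, total_len, ident, flags_frag,
     ttl, proto, _csum, src, dst) = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    version, header_len = ver_ihl >> 4, (ver_ihl & 0x0F) * 4  # IHL is in 32-bit words
    if version != 4:
        raise ValueError("not an IPv4 datagram")
    if header_len < 20 or header_len > len(packet):
        raise ValueError("IHL outside the received data")
    if not header_len <= total_len <= len(packet):
        raise ValueError("Total Length inconsistent with the received data")
    return {
        "header_len": header_len, "tos": tos, "total_length": total_len,
        "identification": ident,
        "dont_fragment": bool(flags_frag & 0x4000),
        "more_fragments": bool(flags_frag & 0x2000),
        "fragment_offset": (flags_frag & 0x1FFF) * 8,   # field counts 8-byte units
        "ttl": ttl, "protocol": PROTOCOLS.get(proto, f"unknown({proto})"),
        # checksum16 over a header that carries a correct checksum returns 0.
        "checksum_ok": checksum16(packet[:header_len]) == 0,
        "src": str(ipaddress.IPv4Address(src)),
        "dst": str(ipaddress.IPv4Address(dst)),
        "options": packet[20:header_len],
        "payload": packet[header_len:total_len],
    }

def build_sample() -> bytes:
    """Constructed sample: 20-byte header plus an 8-byte ICMP echo request."""
    fields = [0x45, 0, 28, 0x1234, 0x4000, 64, 1, 0,
              ipaddress.IPv4Address("192.0.2.1").packed,
              ipaddress.IPv4Address("192.0.2.2").packed]
    fields[7] = checksum16(struct.pack("!BBHHHBBH4s4s", *fields))
    return struct.pack("!BBHHHBBH4s4s", *fields) + bytes.fromhex("0800f7ff00000000")

if __name__ == "__main__":
    print(parse_ipv4_header(build_sample()))
```

The checksum covers the header only, so a router that decrements TTL has to recompute it before forwarding.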

IP Datagram Payload

The IP datagram payload can contain any one of the following: a UDP datagram, a TCP segment, an ICMP message, or an Internet Group Management Protocol (IGMP) message.

IP Address Types

IPv4 addresses are 32 bits in length. Each 8-bit field, or octet, is represented by a decimal number between 0 and 255 (for example,

Each IPv4 address identifies a network and a unique interface on that network. The value of the high-order bits (first three bits) determines which portion of the IPv4 address is the network number and which portion is the host number. The network numbers are divided into three classes: Class A, Class B, and Class C. This addressing scheme is called classful IPv4 addressing.

Unicast Addresses

A system uses unicast addresses when it needs to communicate with another system. There are three classes of unicast addresses: Class A,  Class B, and Class C.

Broadcast Addresses

A broadcast address is the address that reaches all systems on the network. A broadcast means that data is simultaneously sent to all of the hosts on the local area network (LAN). The default broadcast address is an address that has a host number of all ones when represented in binary. An example of a broadcast address is You use the ifconfig utility to configure an interface’s broadcast address.

This is similar to MAC broadcasts, in which a special address with all 1s is used for broadcast purposes (FF:FF:FF:FF:FF:FF). In a similar manner, if all bits in the host part of the IP address are 1, it is considered a broadcast address. If you use the rightmost octet for host addressing and the remaining three octets for the network part, for example, all 1s in the rightmost octet will make this address a broadcast address. In network, the broadcast address is If you use the two rightmost octets for the host part of the IP address, the netmask will be If a host has an IP address with a netmask, the network address will be and the broadcast address will be

Address is a special type of broadcast, and any packet sent to this address is received by all hosts on a network. However, routers usually don't forward broadcast IP packets to avoid flooding the Internet (commonly known as a denial of service, DoS, attack).

Multicast Addresses

Multicasting is a very efficient way to send large amounts of data to many systems at the same time. A multicast address identifies interfaces that belong to a specific multicast group. Packets that are sent to a multicast address are received by all interfaces that are associated with the multicast address.

If the first four bits are 1110, which makes the first field an integer value between 224 and 239, the address is a multicast address. The remaining 28 bits comprise a group identification number for a specific multicast group. An IPv4 multicast address is a destination address for one or more hosts, while a Class A, B, or C address is an address for an individual host. The IPv4 multicast address maps to an Ethernet multicast address so that the network interface listens for multicast traffic. The low-order 23 bits of the IPv4 multicast address are placed into the low-order 23 bits of the Ethernet multicast address. Therefore, an IPv4 multicast address of maps to 01:00:5e:00:00:01.
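
The 23-bit mapping described above, as an added example that is not part of the original notes. Because the group number is 28 bits and only 23 are copied, 32 different groups share each Ethernet address, so the IP layer still has to check the full destination address; the function names and the sample groups are chosen for illustration.

```python
import ipaddress

def multicast_mac(group: str) -> str:
    """Ethernet multicast MAC for an IPv4 group: 01:00:5e, a 0 bit, low 23 bits."""
    ip = ipaddress.IPv4Address(group)
    if not ip.is_multicast:                 # first four bits must be 1110
        raise ValueError(f"{group} is not in 224.0.0.0-239.255.255.255")
    mac = (0x01005E << 24) | (int(ip) & 0x7FFFFF)
    return ":".join(f"{b:02x}" for b in mac.to_bytes(6, "big"))

def groups_sharing_mac(group: str) -> list:
    """The 32 groups that differ only in the 5 bits the mapping drops."""
    low23 = int(ipaddress.IPv4Address(group)) & 0x7FFFFF
    return [str(ipaddress.IPv4Address(0xE0000000 | (hi << 23) | low23))
            for hi in range(32)]

def ip_layer_accepts(dst: str, joined_groups: set) -> bool:
    """The NIC filter is coarse, so IP re-checks the full 32-bit destination."""
    return dst in joined_groups

if __name__ == "__main__":
    print(multicast_mac("224.0.0.1"))
    print(groups_sharing_mac("224.0.0.1")[:3])
```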

Receiving packets

When the Internet  layer of any host receives an IP packet,  it compares the destination IP address with its own IP address. If the destination address is not the host's own IP address or a broadcast address, the IP layer discards it.
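
The receive check described above, combined with the broadcast rule from the Broadcast Addresses section (host bits all 1s), as an added example that is not part of the original notes. The interface address 172.16.5.10 with netmask 255.255.0.0 is a constructed sample, and treating the all-ones address 255.255.255.255 as the limited broadcast is an assumption taken from standard IPv4 practice rather than from this page.

```python
import ipaddress

LIMITED_BROADCAST = 0xFFFFFFFF   # assumption: the all-ones limited broadcast

def to_int(addr: str) -> int:
    return int(ipaddress.IPv4Address(addr))

def to_str(value: int) -> str:
    return str(ipaddress.IPv4Address(value))

def network_and_broadcast(ip: str, netmask: str) -> tuple:
    """Network = address AND mask; broadcast = network with all host bits set."""
    mask = to_int(netmask)
    network = to_int(ip) & mask
    broadcast = network | (~mask & 0xFFFFFFFF)
    return to_str(network), to_str(broadcast)

def receive_decision(dst: str, iface_ip: str, netmask: str) -> str:
    """Accept only the host's own address or a broadcast; otherwise discard."""
    _, broadcast = network_and_broadcast(iface_ip, netmask)
    d = to_int(dst)
    if d == to_int(iface_ip):
        return "deliver: own address"
    if d == to_int(broadcast):
        return "deliver: subnet broadcast"
    if d == LIMITED_BROADCAST:
        return "deliver: limited broadcast"
    return "discard"

if __name__ == "__main__":
    print(network_and_broadcast("172.16.5.10", "255.255.0.0"))
    for dst in ("172.16.5.10", "172.16.255.255", "172.16.5.11"):
        print(dst, "->", receive_decision(dst, "172.16.5.10", "255.255.0.0"))
```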


Copyright © 1996-2018 by Dr. Nikolai Bezroukov. was initially created as a service to the (now defunct) UN Sustainable Development Networking Programme (SDNP) in the author free time and without any remuneration. This document is an industrial compilation designed and created exclusively for educational use and is distributed under the Softpanorama Content License. Original materials copyright belong to respective owners. Quotes are made for educational purposes only in compliance with the fair use doctrine.


Last Modified: March 12, 2019