Hi, I'm trying to read IP packet headers manually from a hex file. From what I understand an IP header has 20 bytes: version, HL, TOS,total length, ID, flag, fragments,ttl, protocol, checksum, source ip and destination IP. In hex that would be something like this (20 bytes - double digits = 1 byte), A1 01 2C 1A being the source IP so the following 4 bytes is the destination ip means the end:
45 00 00 28 20 8F 40 00 80 06 00 00 A1 01 2C 1A BC D6 1D EF
but then i found a few that had more then 20 bytes as in the 20th byte was the last byte of the source IP but that wouldn't make sense coz in the IP stucture, the source IP is followed by destination IP meaning that the header found is 24 bytes instead of 20 bytes, like :
45 00 00 50 43 E8 00 00 40 06 5A DB 36 FB 98 DB A1 01 2C 1A 04 BA A4 D1
what does this mean? why is there extra bytes? even if the "option" field was to be counted in isn't it after destination ip address? Or is it possible for the source and destination address to switch places? meaning that the last 4 bytes is the source ip and the preceding 4 bytes is the destination ip?
*hope i explained things properly