Hi, I'm trying to read IP packet headers manually from a hex file. From what I understand an IP header has 20 bytes: version, HL, TOS, total length, ID, flag, fragments, TTL, protocol, checksum, source IP and destination IP. In hex that would be something like this (20 bytes - double digits = 1 byte), A1 01 2C 1A being the source IP, so the following 4 bytes are the destination IP, which means the end:

45 00 00 28 20 8F 40 00 80 06 00 00 A1 01 2C 1A BC D6 1D EF

But then I found a few that had more than 20 bytes, as in the 20th byte was the last byte of the source IP, but that wouldn't make sense because in the IP structure the source IP is followed by the destination IP, meaning that the header found is 24 bytes instead of 20 bytes, like:

45 00 00 50 43 E8 00 00 40 06 5A DB 36 FB 98 DB A1 01 2C 1A 04 BA A4 D1

What does this mean? Why are there extra bytes? Even if the "option" field were to be counted in, isn't it after the destination IP address? Or is it possible for the source and destination addresses to switch places, meaning that the last 4 bytes are the source IP and the preceding 4 bytes are the destination IP?

*Hope I explained things properly


I put this into https://www.gasmi.net/hpd/ and those addresses look like MAC addresses.

As you learn IP you learn about how packets on a LAN often go from one place to another using this rather than the IP address.
Decode these with tools until you complete your IP lessons.

But I got that IP from using ipconfig, then converted it to hex and used it to search for that address in 010 Editor to look for the IP header.

So the source and destination addresses switch places between each other on a LAN? Because I'm using Oracle VM VirtualBox to get Windows 7 hex dumps, and it only has an Ethernet adapter.
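
Added example, not part of any post in this thread: a Python parser for the fixed part of the IPv4 header (RFC 791 layout), run on the two dumps quoted in the question. The function and key names are this example's own; it takes the header length from the IHL nibble and reports any bytes past that length separately instead of counting them as header.

```python
import ipaddress
import struct

# The two hex dumps exactly as quoted in the question.
DUMP_A = "45 00 00 28 20 8F 40 00 80 06 00 00 A1 01 2C 1A BC D6 1D EF"
DUMP_B = "45 00 00 50 43 E8 00 00 40 06 5A DB 36 FB 98 DB A1 01 2C 1A 04 BA A4 D1"


def parse_ipv4_header(hex_dump):
    """Decode an IPv4 header from space-separated hex bytes."""
    data = bytes.fromhex(hex_dump)
    if len(data) < 20:
        raise ValueError("an IPv4 header is at least 20 bytes")
    # Network byte order: ver/IHL, TOS, total length, ID, flags+fragment
    # offset, TTL, protocol, checksum, source address, destination address.
    (ver_ihl, tos, total_len, ident, flags_frag, ttl, proto, checksum,
     src, dst) = struct.unpack("!BBHHHBBH4s4s", data[:20])
    version, ihl = ver_ihl >> 4, ver_ihl & 0x0F
    header_len = ihl * 4  # IHL counts 32-bit words; 5 means no options
    if version != 4 or header_len < 20:
        raise ValueError("not the start of a valid IPv4 header")
    if len(data) < header_len:
        raise ValueError("dump is shorter than the header length in IHL")
    return {
        "header_len": header_len,
        "total_len": total_len,
        "ttl": ttl,
        "protocol": proto,  # 6 = TCP, 17 = UDP
        "src": str(ipaddress.IPv4Address(src)),
        "dst": str(ipaddress.IPv4Address(dst)),
        "options": data[20:header_len],      # present only when IHL > 5
        "after_header": data[header_len:],   # start of the next protocol
    }


def describe(hex_dump):
    """One-line summary of a dump, for comparing packets side by side."""
    h = parse_ipv4_header(hex_dump)
    return (f"{h['src']} -> {h['dst']} header={h['header_len']}B "
            f"proto={h['protocol']} bytes_after_header={len(h['after_header'])}")


if __name__ == "__main__":
    for dump in (DUMP_A, DUMP_B):
        print(describe(dump))
```

Both dumps start with 45, so IHL is 5 and each header is 20 bytes with no options. In the second dump 161.1.44.26 (A1 01 2C 1A) sits in the destination field, and the last four bytes fall after the IP header, where the next protocol's header (protocol 6, TCP) begins.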
