How does IPv4 work?

IPv4 Functions

IPv4 (Internet Protocol version 4) operates at the Internet layer in the TCP stack (or layer 3 in the OSI model). It has two major responsibilities:

  1. Logical addressing
  2. Packet routing.

Logical Addressing

IP addresses are 'logical' addresses - they aren't permanently connected to any specific device and they can be allocated on a network by an administrator to create any network topology that they see fit.

IP addressing is used to identify source and destination hosts which could be on the same LAN or could be on different networks in different parts of the world. IP routing makes it possible to get from the source to the destination by forwarding packets from hop to hop, regardless of the physical infrastructure in between – potentially the packet will have to travel across many different connected networks to reach its destination.

Basic Routing Process

  1. Typically the process starts with an end-user device, or host, creates an IP with the destination address the packet is for and it sets the source address to its own address.
  2. The host will forward the packet on to its default gateway, probably a router at the edge of the LAN.
  3. Based on the destination IP address, this router will decide who to forward the packet to next, probably a router belonging to the user's ISP (Internet Service Provider).
  4. The router in the ISP will have a big table with routes and it will see which is the best match for the destination of the packet and forward the packet onwards.
  5. The packet will potentially hop around a few more routers which will each find the best next-hop to send it on to based on their routing table.
  6. Eventually, the packet will reach a router which has a route to the specified destination IP address and for forward it on to the recipient.

Although the IP packet will remain pretty much the same all the way through, each router will read and decapsulate (pop off) the lower level header and trailer and encapsulate the packet in a new header and trailer for the next hop. The data could be sent in an Ethernet frame, an HDLC frame or some other link-layer format.

Like a postal address, IP address can be split in up with the first part identifying a general network (like a town or a street) and the second part identifying a specific host (like giving a specific house number). When each router looks up the best route, the route it has may match a portion of the address (like a sorting office identifying the correct town to send the mail to) or it could be for the exact address (like the local post office which knows the exact route to the house).

These routes could be programmed in manually (static routes) or they can be learned from other routers automatically using routing protocols.

IPv4 Packet Header

Data which is sent over IP is broken up into packets, where each packet has an IPv4 header appended to the data being transferred. The header has a total length of 20 bytes if there are no options set made up of different fields which are explained below.


Length: 4 bits

Internet protocol version – for IPv4, this will be 4.

Internet Header Length (IHL)

Length: 4 bits

The length of the packet header in 32-bit words. The minimum value is 5 (5 x 32 gives 160 bits or 20 bytes). If the value is greater than 5, the packet includes additional options and padding.

Type of Service or Differentiated Services Field

Length: 8 bits

This field may be used to indicate the importance of the traffic being carried to give some types of traffic preference over others. Originally this was defined as different ‘types of service’, today there is a differentiated services (Diffserv) definition which is used.

Total Length

Length: 16 bits

This field specifies the total length of the packet including the header and the payload. It is measured in bytes.

Identification (IPID)

Length: 16 bits

The IPv4 IPID field exists to help reassemble data where it has been fragmented across multiple packets. If the data is not fragmented then the IP ID field is sometimes used for other purposes.


Length: 3 bits

This field is used to define fragmentation properties of the packet. It may specify that the packet must not be fragmented (broken up) and it may also indicate that the packet has been fragmented (unless it is the last fragment). Today it can also be used for path maximum transmission unit (MTU) discovery.

Fragment Offset

Length: 13 bits

This field is used for specifying how far a fragment packet is offset from the first fragment. The offset of the first fragment will be zero.

Time to Live

Length: 8 bits

This field specifies how long the packet has left to ‘live’ as it travels across networks. In reality, the value of this field is typically decremented by one every time it hits a new network device (such as a router). If it reaches a value of zero then the packet ‘dies’ and gets dropped instead of forwarded. This prevents packets from hopping around a network indefinitely.


Length: 8 bits

The IPv4 protocol field indicates the protocol of the data being carried. For example, TCP data is being encapsulated then the value of the protocol field is 6 but if UDP is being carried then the value is 17.

Header Checksum

Length: 16 bits

The checksum is used to make sure that there are no errors in the IP header. When a packet arrives at the router, the router will check whether the checksum is correct for the header and if not then the packet will be dropped. The IP header checksum does not take into account the data being carried, it is just based on the header.

Source IP Address

Length: 32 bits

This field contains the IPv4 address of the source of the packet. It is used to get the reply back to the sender. In some cases, the source address will be changed as the packet moves between networks using ‘network address translation’.

Destination IP Address

Length: 32 bits

This is the IPv4 address of the destination for the packet. Like the source address, this may be changed by ‘network address translation’ in some cases such as crossing network boundaries. It is used to get the packet to the correct recipient.

Options and Padding

Length: Variable

IPv4 options are optional and rarely used. If an option is used which doesn’t make up a full 32-bit word then padding is added.

IPv4 Addressing

IP addresses provide logical addressing across networks. They may be assigned and reassigned to hosts (and network infrastructure) by users, system administrators or automatically. Deciding what address to assign to a specific interface can be complex and may be based on a series of rules.

IP addresses are 32 bits long. Instead of representing them as 1 big number, we tend to split them up into groups of 8 bits (octets) and write each octet as a decimal number which will be between 0 and 255. For example, Representing IP addresses in this way is known as 'dotted-decimal notation'.

In the same way that a postal address has a portion to specify the right town and a portion to specify the exact house, IP addresses have a portion to specify the network that the host is on and then a portion to identify the individual interface.

IPv4 Address Classes

Early on in the development of the internet (the 1980s), it was decided to have 5 different classes of IP address. Different classes would use a different proportion of bits to represent the network and host. This meant that large organisations could be given an address that allowed them to have lots of hosts and small organisations could have a smaller address space. Unfortunately, in reality, the 5 classes didn’t work – some organisations were allocated far more addresses than they needed and others didn’t have enough.

Within a given network, the network is represented by setting all of the host bits to zero. Setting all of the host bit to 1 gives the broadcast address which can be used to reach all hosts.

Class A Addresses

Network Bits: 8

Host Bits: 24

Total Number of Networks: 128

Total Number of Addresses per Network: 16,777,216

First Address:

Class B Addresses

Network Bits: 16

Host Bits: 16

Total Number of Networks: 16,384

Total Number of Addresses per Network: 65,536

First Address:

Class C Addresses

Network Bits: 24

Host Bits: 8

Total Number of Networks: 2,097,152

Total Number of Addresses per Network: 256

First Address:

Class D Addresses

First Address:

Class D is reserved for multicast addresses – addresses which can be used to reach a group of hosts.

Class E Addresses

First Address:

Class E addresses were reserved for future use and experiments.

Reserved and Private Addresses

There are some additional special address ranges which you should know about.

Loopback addresses

Range: to

Loopback addresses send data back to the host that the address belongs to. It is commonly used for testing purposes and in reality, hosts only use – the 'localhost' address.

Private Addresses

There are several ranges of private IP addresses. These addresses are not publicly routable and can be used on any private networks. The 192.168.x.x range is typically used for home networks.

  • - (65,536 addresses)
  • - (1,048,576 addresses)
  • - (16,777,216 addresses)

Basic Subnetting

We create IP networks which are made up of a group of consecutive IP addresses allocated to devices on that network. The division of addresses is called subnetting. A single group, or subnet, could contain just a couple of IP addresses or thousands depending on what devices will be a part of it. Routers separate different subnets.

Basic Host Routing

When a host wants to send an IP packet, it first checks whether the destination is in the same subnet. If it is, then the host can send the packet directly at layer 2 using Ethernet and associated protocols.

If the destination is not on the same subnet, the host will send the packet to its ‘default gateway’ for sending on to a different network.


RFC-791 Internet Protocol

Internet Engineering Task Force

Prerequisite Skills


Summary of the TCP/IP Model

Introduction The TCP/IP suite of protocols is what most modern computer networks, including the Internet, are built upon. It can be viewed…


What is a LAN?

A local-area network (LAN) connects devices within a limited physical area. Devices on a LAN will typically be connected with wires…

Follow On Cyber Learning


ARP: The Address Resolution Protocol

ARP helps us match IP addresses to hardware (MAC) addresses.


DNS: The Domain Name System

DNS is used to resolve friendly names (e.g. to IP addresses (e.g., making it vital to our use of the internet.


Introduction to IPv4 Routing

IP routing is at the heart of the internet. It enables us to get packets from A to B across the globe.


Ping and ICMP

Ping is a useful tool for checking network connectivity using the Internet Control Message Protocol (ICMP).


TCP: The Transmission Control Protocol

TCP is a connection-oriented protocol used at the transport layer to support protocols such as HTTP.


The Complete Guide to IPv4 Subnetting

Learn how to design subnets and calculate the number of hosts on each.


UDP: User Datagram Protocol

UDP is a simple transport layer protocol.


Using tcpdump: Options, Filters and Examples

'tcpdump' is a command-line tool available for UNIX based systems (including macOS and Linux) that captures network traffic and displays it on screen or saves it to a file. It is a simple but powerful tool for troubleshooting network problems, understanding protocols, investigating suspicious network activity, and much more.

Related Training Courses


Computer Networking Foundations

Understand how modern computer networks work.