Internet Protocol

Internet Protocol

The Internet Protocol (IP) layer sits between the Ethernet and Transport layers in the stack. Thus, it provides the interface between the underlying physical transport and the logical transport used by applications. It manages the mapping between hardware (MAC) addresses and software addresses for network interfaces. To connect a local area network to the Internet, it is necessary to obtain an IP network number from the InterNIC. However, since most Solaris software uses TCP/IP for network operations, even when not connected to the Internet, it is necessary to become familiar with IP, its configuration, and its major operational issues. Although IPv6 is the new version of IP, IPv4 is still widely deployed, so all of the material in this chapter relates to IPv4 (IPv6 is covered in Chapter 36).

IP carries out the following functions in the stack: addressing, routing, formatting, and fragmentation. Addressing involves mapping hardware addresses to software addresses, while routing involves finding a path to transmit a packet from a source network interface to a destination network interface. Formatting involves inserting specific types of data into a packet to ensure that it reaches its destination, and fragmentation involves the division of packets into fragments where a packet is too large to be transmitted using the underlying medium.

IP relies on three other protocols for its operation: the Address Resolution Protocol (ARP) ensures that datagrams are sent to the correct destination network interface from a source network interface by mapping IP addresses to hardware addresses. The Reverse Address Resolution Protocol (RARP) is responsible for mapping hardware addresses to IP addresses. The Internet Control Message Protocol (ICMP) is involved with the identification and management of network errors, which result from packets being dropped, physical disconnection of intermediate and destination routers, or a redirection directive issued by an intermediate or destination router.


The ping command is typically used as the interface to check for errors on the network.

The key data structure used by IP is the datagram. Details about the datagram are recorded in the packet’s header, including the addresses of the source and destination hosts, the size of the datagram, and the order in which datagrams are to be transmitted or received. The structure of the IP datagram is shown in Figure 34-1.

Click To expand Figure 34-1: Structure of IP datagrams.

The IP Version is an integer which defines the current IP version (that is, 4). The IP Header Length specifies the size, in bytes, of the packet header—generally, the header is 20 bytes in length, because IPv4 options are not often used. The Type of Service specifies, in 8 bits, what type of data is being handled. This allows packets to be designated as requiring high speed, high reliability, or maximum bandwidth. Bits 0–2 are responsible for determining the message priority, with the following values being supported:

  • 000 Normal traffic

  • 001 Priority traffic

  • 010 Immediate traffic

  • 011 Flash traffic

  • 100 Flash override traffic

  • 101 Critical traffic

  • 110 Internet control traffic

  • 111 Network control traffic

Bits 3–5 specify whether low (0) or high (1) priority be given to speed, bandwidth, or reliability, respectively, while the last two bits are reserved.

The total packet length is specified by a 16-bit number, which has a maximum of 65,535 bytes. However, this value is largely theoretical because framing through hardware layers (such as Ethernet and modems) sets this value to be much lower in practice. Large packets need to be fragmented—that’s where the identification, fragmentation flags, and fragmentation offset come into play. The identification field is a 16-bit identifying number for reassembly. The fragmentation flag is a 3-bit number that indicates whether a packet may or may not be fragmented and whether the current fragment is the last fragment or other fragments are to be transmitted. The fragment offset is a 13-bit number that indicates where a fragment lies in the sequence of fragments to be reconstructed.

The time to live specifies the number of hops permitted before the packet expires and is dropped. The protocol number (defined in /etc/protocols) specifies which protocol is to be used for data definition. The supported protocols are shown in Table 34-1. The header checksum determines whether the packet header has been corrupted by using a cyclic redundancy check. The origin and target addresses are the IP addresses of the source and destination hosts, respectively, for the packet.

Table 34-1: Supported Solaris Protocols








Internet Protocol




Internet Control Message Protocol




Gateway-Gateway Protocol




Transmission Control Protocol




Exterior Gateway Protocol




PARC Universal Packet Protocol




User Datagram Protocol




Host Monitoring Protocol




Xerox NS IDP




Reliable Datagram Protocol

A set of options up to 40 bytes can also be specified in the header, although these are not always used. The following options are available:

  • End of Option list Marks the end of the list of options, because it can be a variable length list.

  • No Operation Defines the boundary between options.

  • Security Used to specify security levels for the traffic.

  • Loose Source Routing Origin provides routing that may be followed.

  • Strict Source Routing Origin provides routing that must be followed.

  • Record Route Stores the route of a datagram.

  • Stream Identifier Used to support streaming.

  • Internet Timestamp Records the time in milliseconds since the start of UT.

The following security levels are defined:

  • 00000000 00000000 Unclassified

  • 11110001 00110101 Confidential

  • 01111000 10011010 EFTO

  • 10111100 01001101 MMMM

  • 01011110 00100110 PROG

  • 10101111 00010011 Restricted

  • 11010111 10001000 Secret

  • 01101011 11000101 Top Secret

The correct interpretation of these levels can be determined from the Defense Intelligence Agency Manual DIAM 65-19. A more accessible reference is MIL-STD-2411-1, the Registered Data Values For Raster Product Format specification ( ).

Exercise 34-1 Security Levels  Check the MIL-STD-2411-1 document and make a list of all available security levels.

The packet can be padded to ensure that the length of the header is 32 bits where necessary and separates the header from the packet data.

In order to check whether IP packets are being transmitted correctly between a source and destination network interface, and all intermediate routers, the traceroute command can be used.


The traceroute command does not display the contents of packet headers and data like the snoop command.

Part I: Solaris 9 Operating Environment, Exam I