In this video, you will learn to: describe how the IP protocol uses IP addresses to route traffic. Describe the contents of the IP protocol header. Describe how network mask work and why they are necessary. The Internet Protocol, or IP protocol, works with layer 3 devices which use the IP header to identify and process traffic. All routers inspect the destination address of each packet, but stateful firewalls also inspect the source address so they can identify where the traffic is coming from. As we saw in the last video, IP addresses are represented by a quad dot notation or a string of four numbers separated by dots, for example, 10.195.210.10. As you can see, there are four octets or four groups of eight binary bits separated by dots. In decimal form, an eight-digit binary number can take on a value from 0-255, always a positive integer. In binary form, the range is expressed as 00000000-11111111. A routable protocol is a protocol that can be routed outside of the network it was originated in. Normally, this would be the Internet. IP is a routable protocol, but not all IP addresses are routable. For these reasons, it's very important that you're very comfortable with how IP addresses work, including the purpose of subnet masks and default gateways. So this is an example of an IP protocol header. The version of the protocol, whether it's IPv4 or IPv6, is the first thing declared in the header. This makes sense if you think about it. Since the IPv4 and IPv6 headers are different, the device doing the inspection would have to know how to interpret the header before it could make sense of it. TTL is Time to Live. When a packet is sent, a TTL value is set to limit the number of hops the packet can take before it's dropped. Each time the packet is inspected by a level three device, the TTL is decreased by one. When it hits zero, the router will drop the packet instead of forwarding it. This is done to prevent packets with bad IP addresses from bouncing all around the Internet forever, leading to unmanageable congestion. This is an eight-bit fields, so we already know that it can contain values from 0-255, but the Internet standards committee recommends the TTL be set at 64 for most normal traffic. Note that TTL is measured in hops for the IP protocol, but some protocols like DNS, it's measured in seconds. Another important field is the protocol. Each protocol has an ID. For example, ICMP or ping is protocol 1, TCP is protocol 6, and UDP has an ID of 17. Two very important fields are the source and destination IP addresses. The source IP address identifies the endpoint that is sending this packet, and obviously the destination IP address is where the packet is being sent to. Finally, payload is the content of the message that's being sent. Using Wireshark to capture a few packets, first you see the frame, then the layer 2 data, the MAC addresses are at this level. Then there's layer 3, which in this case is the Internet Protocol version 4. This is the source IP address, this is the destination IP address. The protocol is ICMP. The computer with the IP address ending in.104 is trying to ping a computer at an address that ends in.1. So now let's talk about network masks. The subnet mask is the assignment of bits to be used by the host or router to determine how the network and the subnet information is partitioned from the host information in the IP address. You remember from the last video the /24 at the end of the IP address that indicated the first 24 bits or three octets of that particular IP address was the network portion leaving the last eight bits or one octet for the host address. The network mask is what accomplishes this division of an IP address into a network and a host segment. This complexity is necessary because different networks are configured to use different amounts of the IP address for the network and the host. Recall the discussion of the class A, class B, class C, and class D network schemers. On the survey, you see the IP address with a prefix of 24. Twenty-four means the first 24 bits or three octets, or for the network portion, and the last octet is for the host portion. When we create a packet that has to go outside of our local network, it'll be sent to the default gateway. So in this case, we need to communicate with a host outside of the network. So the packet will be sent to this address. This is the router that acts as our default gateway. The gateway will forward the packet on outside of our network segment. So whenever we need to communicate with a system that's outside of our network segment, we only need to talk to our gateway and it will manage the traffic going to points outside of our network or coming in from the outside. If we need to communicate with a host that's inside of our network, any switch or hub can do that job. But instead of sending the packet to the default gateway, our system will look in the MAC table to translate the IP address to a MAC address. So the packet will be forwarded directly to the local recipient. The broadcast IP address is in a sense, the opposite of a network mask. In this case, the broadcast IP address will have all the octets for the network portion of the original IP address with the octets or bits for the host portion turned on or are all set to one. For this computer, the IP address is 192.168.52.3 and the broadcast address would therefore be 192.168.52.255. As you can see, all the bits of the host portion of the address are turned on.
