-1

I need to sort out something about the IPv4 header. For example the following frame with an Ethernet-II frame with an IPv4 packet starting at the fifteenth byte.

0000: 08 00 20 7c 94 1c 00 00 - 39 51 90 37 08 00 45 00

0010: 00 3e 36 00 00 00 80 11 - da 4f 82 eb 12 7f 82 eb

0020: 12 0a 04 01 00 35 00 2a - ee 6a 00 01 01 00 00 01

0030: 00 00 00 00 00 00 06 67 - 65 6d 69 6e 69 03 6c 64

0040: 63 02 6c 75 02 73 65 00 - 00 01 00 01

I need to sort somethings out:

  1. What does the 0000 & 0010 & 0020 & 0030 on the left stands for?
  2. I just cant sort it out is 1 pair for example the first one 08 two bits or?
  3. And if the IPv4 starts at fifteenth byte(1 byte = 8 bits) where does it start then, have problems to understand this because i dont get number 2.

Thank you for your time.

user1761911
  • 25
  • 1
  • 3

2 Answers2

1

”45” in your first line of hexdump is the 1st byte of the ip header (15th byte of the ethernet frame). Each line is 16 bytes.

Also, in the beginning of each line has an offset like e.g. ”0010: ” (in hex) means the starting offset from the start of the whole dump.

Your first line would be, (total 16 bytes),
dmac(6)+smac(6)+etype(2)+ first2byte_of_ip(2)

and your first byte of ip is hex ”45”, you can lookup the detail ip header field in wikipedia.

user1500049
  • 993
  • 7
  • 15
-1

It would be nice if you can read wireshark user's guide on your own. Anyway, to answer your question,

1) What does the 0000 & 0010 & 0020 & 0030 on the left stands for?

It stands for hexdump offset. You can refer to this page.

2) I just cant sort it out is 1 pair for example the first one 08 two bits or?

It is (part of ) destination MAC address. Entire MAC address should be 08 00 20 7c 94 1c.

3) since Q2 is now answered, this should not be problem for you.

Nehal Dattani
  • 933
  • 6
  • 15
  • you answer question 2 completely wrong (it was about *how* it was represented, not *what* it represents), which makes your answer to q3 nonsense. – KillianDS Oct 21 '12 at 16:35