Certlets

Frames and Headers

Frames and Headers

Ethernet 802.3

6 bytes 6 bytes 2 bytes variable # bytes 4 bytes
Destination MAC Source MAC Length Payload CRC

Ethernet II

6 bytes 6 bytes 2 bytes 46-1500 bytes 4 bytes
Destination MAC Source MAC EtherType Payload CRC

Common EtherTypes

EtherType Payload Contains
0x0800 IPv4
0x0806 ARP
0x8100 802.1q (VLAN)
0x86DD IPv6

Ethernet II/802.3 Frame

Offsets Octet 0 1 2 3
Octet Bit 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31
0 0 Destination MAC Address
4 32 Destination MAC Address Source MAC Address
8 64 Source MAC Address
12 96 EtherType/Length Payload
Payload
CRC

Ethernet 802.3 Frame with 802.1q VLAN tag header

Offsets Octet 0 1 2 3
Octet Bit 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31
0 0 Destination MAC Address
4 32 Destination MAC Address Source MAC Address
8 64 Source MAC Address
12 96 TPID PCP D VLAN ID
Payload (variable length)
CRC

802.11 Frame

12 bytes 6 bytes 30-2342 bytes 4 bytes
Preamble PLCP header 802.11 header and data CRC

802.11 Header and Data

Offsets Octet 0 1 2 3
Octet Bit 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31
0 0 Frame Control Duration/ID
4 32 Address 1
8 64 Address 1 Address 2
12 96 Address 2
16 128 Address 3
20 160 Address 3 QoS
24 192 HT Control
28 224 Address 4
32 256 Address 4 Data (0-2342 bytes)
Data (0-2342 bytes)

ARP Header

Offsets Octet 0 1 2 3
Octet Bit 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31
0 0 Hardware Type Protocol Type
4 32 Hardware Address Length Protocol Address Length Operation
8 64 Sender Hardware Address
12 96 Sender Hardware Address (cont) Sender Protocol Address
16 128 Sender Protocol Address (cont) Target Hardware Address
20 160 Target Hardware Address
24 192 Target Protocol Address

ICMP Header

Offsets Octet 0 1 2 3
Octet Bit 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31
0 0 Type Code Checksum
4 32 Contents vary based on the ICMP Types and Codes

ICMP Ping (Echo Request/Echo Reply)

Offsets Octet 0 1 2 3
Octet Bit 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31
0 0 Type Code Checksum
4 32 ICMP Identification ICMP Sequence

Common ICMP Types and Codes

Type Code Name
0 0 Echo Reply
3 0 Network Unreachable
1 Host Unreachable
3 Port Unreachable
6 Destination Net Unknown
9 Net Admin Prohibited
10 Host Admin Prohibited
13 Admin Prohibited
8 0 Echo Request
9 0 Router Advertisement
11 0 TTL exceeded in transit
1 Fragment reassembly required
30 0 Traceroute

IPv4 Header

Offsets Octet 0 1 2 3
Octet Bit 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31
0 0 Version IHL DSCP ECN Total Length
4 32 Identification Flags Fragment Offset
8 64 Time to Live (TTL) Protocol Header Checksum
12 96 Source IPv4 Address
16 128 Destination IPv4 Address
20 160 Options

IPv6 Header

Offsets Octet 0 1 2 3
Octet Bit 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31
0 0 Version Traffic Class Flow Label
4 32 Payload Length Next Header Hop Limit
8 64 Source IPv6 Address
12 96
16 128
20 160
24 192
28 224 Destination IPv6 Address
32 256
36 288

TCP Header

Offsets Octet 0 1 2 3
Octet Bit 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31
0 0 Source Port Destination Port
4 32 Sequence Number
8 64 Acknowledgement Number (if ACK is set)
12 96 Data Offset Reserved NS CWR ECE URG ACK PSH RST SYN FIN Window Size
16 128 Checksum Urgent Pointer (if URG is set)
20 160 Options

TCP Flags

Flag Description
NS Nonce sum
CWR Congestion window reduced
ECE ECN echo
URG Urgent
ACK Acknowledgement
PSH Push
RST Reset
SYN Synchronize
FIN Finish

Common TCP Options

Option Type Details
0 End of Options List
1 No Operation (NOP)
2 MSS
3 Window Scale
4 SOK
5 SACK
6 Timestamp

Common TCP Ports

Port Protocol
20/21 FTP
22 SSH
23 Telnet
25 SMTP
80 / 443 HTTP / HTTPS
110 POP3
115 SFTP
143 IMAP
179 BGP
3306 MySQL
3389 RDP

UDP Header

Offsets Octet 0 1 2 3
Octet Bit 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31
0 0 Source Port Destination Port
4 32 Length Checksum

Common UDP Ports

Port Protocol
53 DNS
67 / 68 BOOTP / DHCP
80 HTTP/3 QUIC
88 Kerberos
111 Sun RPC
123 NTP
137 / 138 NETBIOS
161 / 162 SNMP
500 ISAKMP
514 SYSLOG
520 RIP
546 / 547 DHCPv6c / DHCPv6s

DNS Header

Offsets Octet 0 1 2 3
Octet Bit 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31
0 0 Identification QR Opcode AA TC RD RA Z AD CD RCode
4 32 Total Questions Total Answers
8 64 Total Authority Resource Records Total Additional Resource Records

DHCP Header

Offsets Octet 0 1 2 3
Octet Bit 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31
0 0 Operation (Request/Reply) Hardware Type Hardware Length Hops
4 32 Transaction ID
8 64 Seconds Elapsed B Flags
12 96 Client IP Address
16 128 Offered IP Address
20 160 Next Server IP Address
24 192 Relay Agent IP Address
28 224 Client MAC Address plus padding (16 bytes)
36 288
40 320 Server Hostname (64 bytes)
100 800
104 832 Boot Filename (128 bytes)
228 1824
232 1856 Magic Cookie (0x63825363)
236 1888 Options (variable length)

Author

Certlets