In RFC 791, the IP was responsible for addressing and fragmentation. We'll discuss addressing in a later section, but for now, let's outline what fragmentation is and why it may be necessary.

On the network, various values are monitored:

• The Maximum Segment Size (MSS) is the data payload.
• The Maximum Transmission Unit (MTU) is the MSS plus the transport layer headers.

When data is routed on the network, it may encounter a segment with an MTU that is smaller than the packet size. If allowed, fragmentation can be used, which divides a datagram into smaller pieces, so that they can be sent on the network with a restrictive MTU.

The following fields are related to fragmentation: Identifier, Flags, and Fragment offset. Total length is, in part, related to fragmentation. However, it has other implications as well.

Although, on today's networks, we rarely see fragmentation, it's a good idea to become familiar with the fields and flags dealing with fragmentation for a couple of reasons:

• During troubleshooting, you may need to look at the fields when determining why data may not be getting through.
• During a security assessment, since use of the fragmentation fields could be an indication of malicious activity.

Let's look at the next four fields in the IP header:

• Total length 16-bit: This indicates the value of the header length and any data. The field value is 16-bit, which means the entire length cannot exceed 2¹⁶, or 65,535 bytes.

Network devices monitor datagram lengths and may impose size restrictions. In that case, if the packet is too large, it may have to be fragmented or rerouted in order to be delivered.

• Identification 16-bit: This field is used to identify the datagrams when data is fragmented. In that case, all fragments will have the same ID.
• Flags: In an IP header, there are three flags, as shown in the following screenshot:

• Fragment Offset 13-bit: After the three flags in the IP header, there is a Fragment offset field, which provides information on how to reassemble the fragments when using fragmentation.

In most cases, the IP header flags will be set at Don't Fragment, because, in today's networks, fragmentation is not used as most pipelines have generous bandwidth with an acceptable MTU.

Internet Control Message Protocol (ICMP) acts as a scout for the IP. When ICMP encounters a network with an MTU that is smaller than the size of the packet, and the Don't Fragment bit is set, the router will drop that packet. ICMP will then notify the source by sending a type 3 code 4 ICMP message: Destination Unreachable: Fragmentation Needed and Don't Fragment was Set.

To successfully send data through a network with restrictive bandwidth without using fragmentation, the sending host must retransmit the data using a smaller MSS.

The next few fields are more administrative, as they hold values related to the number of hops, the protocol that follows the IP header, and the checksum, which is used for error detection.