When looking at the IPv4 header, there are a few fields that are not directly related to routing or addressing packets, but provide a role that may influence other types of behavior. The following three fields hold a specific value:

• Time to live 8-bit: The fathers of the internet realized early on that there must be a way to stop a packet from continually traveling through the network. This can happen if there is a misconfiguration and/or the packet is in a routing loop.

During regular operations, this most likely won't happen. However, in case there is a routing loop, the Time to Live (TTL) field value in an IP header is the number of routers or hops a packet can take before dropping the packet. Every time the packet reaches a router, the number decrements by 1. When the TTL value reaches 0, the packet is dropped and an ICMP type 11 (TTL expired in transit) is sent to the sender. The TTL field is 8-bit, so the maximum value is 2⁸, or 255 hops.

In frame 1, the TTL field is set at Time to live: 64, which is the default value for this field. The value varies as it is OS-dependent. To see the TTL values of various OSes, go to https://subinsb.com/default-device-ttl-values/.

• Protocol 8-bit: The protocol field identifies the higher-layer protocol that follows the IP header. The field identifies the protocol (which is usually a transport layer protocol) that is carried in the datagram. In frame 1, we see the value as Protocol: UDP (17).
• Header checksum 16-bit: This field is used to house the checksum value. Similar to the checksum in the TCP header, this value is used for error detection. In frame 1, we see the checksum and notification from Wireshark that the checksum validation is disabled:

Header checksum: 0xee5e [validation disabled]
[Header checksum status: Unverified]

In most cases, it's best to disable validation as the value will be incorrect due to the value offloading to the NIC card.

One of the more significant elements in the IP header is addressing, as we'll discuss in the following section.