Practical_modern_SCADA_protocols_-_dnp3,_60870-5_and_Related_Systems

338 Practical Modern SCADA Protocols: DNP3, 60870.5 and Related Systems
The Ver (version) field is 4 bits long and indicates the version of the IP protocol in use.
For IPv4 it is 4.
This is followed by the 4-bit IHL (Internet header length) field that indicates the length
of the IP Header in 32-bit ‘long words’. This is necessary since the IP header can contain
options and therefore does not have a fixed length.
The 8-bit type of service (ToS) field informs the network about the quality of service
required for this datagram. The ToS field is composed of a 3-bit precedence field (which
is often ignored) and an unused (LSB) bit that must be 0.
The remaining 4 bits may only be turned on (set =1) one at a time, and are allocated
as follows:
Bit 3:
Bit 4:
Bit 5:
Bit 6:
Minimize delay
Maximize throughput
Maximize reliability
Minimize monetary cost
Total Length (16 bits) is the length of the entire datagram, measured in bytes. Using this
field and the IHL length, it can be determined where the data starts and ends. This field
allows the length of a datagram to be up to 2 16 = 65 536 bytes, although such long
datagrams are impractical. All hosts must at least be prepared to accept datagrams of up to
576 octets.
The 16-bit identifier uniquely identifies each datagram sent by a host. It is normally
incremented by one for each successive datagram sent. In the case of fragmentation, it is
appended to all fragments of the same datagram for the sake of reconstructing the
datagram at the receiving end. It can be compared to the ‘tracking’ number of an item
delivered by registered mail or UPS.
The 3-bit flag field contains 2 flags, used in the fragmentation process, viz. DF and MF.
The DF (don’t fragment) flag is set (=1) by the higher-level protocol (e.g. TCP) if IP is
NOT allowed to fragment a datagram. If such a situation occurs, IP will not fragment
and forward the datagram, but simply return an appropriate ICMP error message to the
sending host. If fragmentation does occur, MF=1 will indicate that there are more fragments
to follow, whilst MF=0 indicates that it is the last fragment to be sent.
The 13-bit fragment offset field indicates where in the original datagram a particular
fragment belongs i.e. how far the beginning of the fragment is removed from the end of
the header. The first fragment has offset zero. The fragment offset is measured in units of
8 bytes (64 bits); i.e. the transmitted offset is equal to the actual offset divided by eight.
The TTL (time to live) field ensures that undeliverable datagrams are eventually
discarded. Every router that processes a datagram must decrease the TTL by one and if
this field contains the value zero, then the datagram must be destroyed. Typically a
datagram can be delivered anywhere in the world by traversing fewer than 15 routers.
The 8-bit protocol field indicates the next (higher) level protocol header present in the
data portion of the IP datagram, in other words the protocol that resides above IP in the
protocol stack and which has passed the datagram down to IP. Typical values are 1 for
ICMP, 6 for TCP and 17 for UDP. A more detailed listing is contained in RFC 1700.
The checksum is a 16-bit mathematical checksum on the header only. Since some header
fields change all the time (e.g. TTL), this checksum is recomputed and verified at each
point that the IP header is processed. It is not necessary to cover the data portion of the
datagram, as the protocols making use of IP, such as ICMP, IGMP, UDP and TCP, all have
a checksum in their headers to cover their own header and data.