Prompt
Dissect an IP packet header to understand how the protocol works.
You can read this guide to learn more about computer networking.
Data
Offsets | 0 | 1 | 2 | 3 |
0 | 01000101 | 00000000 | 00000000 | 00111100 |
4 | 10101001 | 10011010 | 01000000 | 00000000 |
8 | 01000000 | 00000110 | 01001111 | 10010011 |
12 | 11000000 | 10101000 | 10000000 | 10000000 |
16 | 10011111 | 11001011 | 01100000 | 10011010 |
Tutorial Video
Walk-Through
This challenge involves following the IPv4 specification to interpret the data using the raw binary of an IP packet. A data manipulation tool, such as the programmer version of your computer calculator or cyberchef, will help simplify certain data conversion steps to interpret the data in the packet.
Before attempting the challenge, be sure you understand the IPv4 header format reference provided.
Below, the first 8 bits (0-7) are enclosed by a red shape. You may see bits represented as 1s and 0s. Recall that 8 bits make up 1 byte. Therefore, we could say that byte ‘0’ is also enclosed by the shape.
The first four bytes (0,1,2,3) of the packet are highlighted by a rectangle below. Notice how the different fields use only a few bits or multiple bytes.
The red circle below indicates the octet (group of 8). There are four bytes (or four octets) that occur before the fields shown on the line with the red circle. This was calculated in the previous image, where bytes 0, 1, 2, and 3 occur.
However, since we are counting zero, the area enclosed in the rectangle below is considered octet 4 (or byte 4). Keep this in mind when following the guide below.
Guide
To get the header checksum in hexadecimal representation, follow the reference given. The header checksum is 2-bytes long, starting at an offset of 10 bytes (0,1,2,3,4,5,6,7,8,9,10 — don’t forget zero is counted!) from the beginning of the data packet.
Offsets | 0 | 1 | 2 | 3 |
0 | 01000101 | 00000000 | 00000000 | 00111100 |
4 | 10101001 | 10011010 | 01000000 | 00000000 |
8 | 01000000 | 00000110 | 01001111 | 10010011 |
12 | 11000000 | 10101000 | 10000000 | 10000000 |
16 | 10011111 | 11001011 | 01100000 | 10011010 |
Copy these 2 bytes into CyberChef and then run a binary to hex conversation. (try it out).
You will need to indicate to CyberChef that the binary you added to the input is binary, and not plain text. The input is initially interpreted as raw text or UTF-8 string. This is why you need the “From Binary” recipe.
To determine the TTL for question 2, follow the reference, which indicates that the Time-to-Live (TTL) is 1-byte , starting at an offset of 8 bytes from the beginning of the packet.
Offsets | 0 | 1 | 2 | 3 |
0 | 01000101 | 00000000 | 00000000 | 00111100 |
4 | 10101001 | 10011010 | 01000000 | 00000000 |
8 | 01000000 | 00000110 | 01001111 | 10010011 |
12 | 11000000 | 10101000 | 10000000 | 10000000 |
16 | 10011111 | 11001011 | 01100000 | 10011010 |
Copy this byte into CyberChef and then convert the binary into a decimal value will reveal the answer to this first question (try it out).
The TTL on a packet communicates how many routers the packet can travel to before it is discarded. This value is an integer (which means decimal format is what we want to convert to) that the router decrements by 1 when it sends the packet.
To find the source and destination IP addresses for questions 3 and 4, follow the reference, which indicates that the source IP address is 4-bytes long, starting at an offset of 12 bytes from the beginning of the packet and that the destination IP address is 4-bytes long, starting at an offset of 16 bytes from the beginning of the packet.
Offsets | 0 | 1 | 2 | 3 |
0 | 01000101 | 00000000 | 00000000 | 00111100 |
4 | 10101001 | 10011010 | 01000000 | 00000000 |
8 | 01000000 | 00000110 | 01001111 | 10010011 |
12 | 11000000 | 10101000 | 10000000 | 10000000 |
16 | 10011111 | 11001011 | 01100000 | 10011010 |
These IP addresses can be parsed one-at-a-time by copying each 4-byte values into CyberChef and then utilizing the “From Binary” recipe, followed by the “To Hex” recipe, followed by the “Change IP format” recipe with “Hex” selected as the input format (try it out).
Questions
1. What is the header checksum in hexadecimal representation?
Convert the 2 bytes starting at an offset of 10 bytes from binary into hexadecimal
2. What is the TTL of the packet?
Convert the byte starting at an offset of 8 bytes from binary into decimal
3. What is the source IP address?
Convert the 4 bytes starting at an offset of 12 bytes from binary into decimal dot notation
4. What is the destination IP address?
Convert the 4 bytes starting at an offset of 16 bytes from binary into decimal dot notation
©️ 2025 Cyber Skyline. All Rights Reserved. Unauthorized reproduction or distribution of this copyrighted work is illegal.