CCN - Mod3

Uploaded by

Bhoomika KN

MODULE 3

Network Layer
Introduction

The network layer in the TCP/IP protocol suite is responsible for the host-to-host delivery of datagrams. It
provides services to the transport layer and receives services from the data-link layer. In this chapter, we
introduce the general concepts and issues in the network layer.

NETWORK-LAYER SERVICES

• Packetizing

• Routing and Forwarding

• Other Services

i) Error Control

ii)Flow Control

iii)Congestion Control

iv) Quality of Service

v) Security

As the figure shows, the network layer is involved at the source host, destination host, and all
routers in the path (R2, R4, R5, and R7). At the source host (Alice), the network layer accepts a
packet from a transport layer, encapsulates the packet in a datagram, and delivers the packet to the
data-link layer. At the destination host (Bob), the datagram is decapsulated, and the packet is
extracted and delivered to the corresponding transport layer. Although the source and destination
hosts are involved in all five layers of the TCP/IP suite, the routers use three layers if they are routing
packets only;
Packetizing
The first duty of the network layer is packetizing: encapsulating the payload in a packet
at the source and decapsulating the payload from the packet at the destination. In other words, the
network layer carries a payload from the source to the destination without changing it or using it.

The source is not allowed to change the content of the payload unless it is too large for delivery
and needs to be fragmented. If the packet is fragmented at the source or at routers along the path, the
network layer is responsible for waiting until all fragments arrive, reassembling them, and delivering
them to the upper-layer protocol. The routers are not allowed to change source and destination
addresses either.

Routing and Forwarding


Routing

The network layer is responsible for routing the packet from its source to the destination. Generally
there is more than one route from the source to the destination. The network layer is responsible for
finding the best one among these possible routes. The network layer needs to have some specific
strategies for defining the best route. The routing protocols should be run before any communication
occurs.

Forwarding

Forwarding can be defined as the action applied by each router when a packet arrives at one of its
interfaces. To apply this action, a router normally uses a forwarding table, sometimes called the
routing table. To make a decision, the router uses a piece of information in the packet header,
which can be the destination address or a label, to find the corresponding output interface number in
the forwarding table.

Other Services
Error Control

Although error control also can be implemented in the network layer, the designers of the network
layer ignore this issue. One reason is the fact that the packet in the network layer may be fragmented
at each router, which makes error checking at this layer inefficient. Although the network layer in
the Internet does not directly provide error control, the Internet uses an auxiliary protocol, ICMP,
that provides some kind of error control.

Flow Control
Flow control regulates the amount of data a source can send without overwhelming the receiver. To
control the flow of data, the receiver needs to send some feedback to the sender to inform the latter that
it is overwhelmed with data. The network layer, however, does not directly provide any flow control.
The datagrams are sent by the sender when they are ready, without any attention to the readiness of
the receiver.

Congestion Control

Congestion in the network layer is a situation in which too many datagrams are present in an area of
the Internet. Congestion may occur if the number of datagrams sent by source computers is beyond
the capacity of the network or routers. In this situation, some routers may drop some of the
datagrams.

However, as more datagrams are dropped, the situation may become worse because, due to the error
control mechanism at the upper layers, the sender may send duplicates of the lost packets. If the
congestion continues, sometimes a situation may reach a point where the system collapses and no
datagrams are delivered.

Quality of Service

As the Internet has allowed new applications such as multimedia communication, the quality of
service (QoS) of the communication has become more and more important. However, to keep the
network layer untouched, these provisions are mostly implemented in the upper layer.

Security

Security was not a concern when the Internet was originally designed because it was used by a small
number of users at universities for research activities; other people had no access to the Internet.
The network layer was designed with no security provision. Today, however, security is a big
concern. To provide security for a connectionless network layer, we need to have another virtual level
that changes the connectionless service to a connection-oriented service.

PACKET SWITCHING
A router, in fact, is a switch that creates a connection between an input port and an output port (or a
set of output ports), just as an electrical switch connects the input to the output to let electricity flow.
Switching techniques are divided into two broad categories: circuit switching and packet switching.

Only packet switching is used at the network layer because the unit of data at this layer is a packet.
Circuit switching is mostly used at the physical layer.

A packet-switched network can use two different approaches to route the packets:

1. Datagram Approach: Connectionless Service


When the network layer provides a connectionless service, each packet traveling in the Internet is an
independent entity. There is no relationship between packets belonging to the same message.

The switches in this type of network are called routers. A packet belonging to a message may be
followed by a packet belonging to the same message or to a different message. Each packet is routed
based on the information contained in its header: source and destination addresses. The destination
address defines where it should go; the source address defines where it comes from.

2. Virtual-Circuit Approach: Connection-Oriented Service


In a connection-oriented service (also called virtual-circuit approach), there is a relationship
between all packets belonging to a message. Before all datagrams in a message can be sent, a
virtual connection should be set up to define the path for the datagrams. After connection
setup, the datagrams can all follow the same path. In this type of service, not only must the
packet contain the source and destination addresses, it must also contain a flow label. A flow
label is a virtual circuit identifier that defines the virtual path the packet should follow.
IPV4 ADDRESSES
The identifier used in the IP layer of the TCP/IP protocol suite to identify the connection of each
device to the Internet is called the Internet address or IP address. An IPv4 address is a 32-bit address
that uniquely and universally defines the connection of a host or a router to the Internet.

The IP address is the address of the connection, not the host or the router, because if the device is
moved to another network, the IP address may be changed. IPv4 addresses are unique in the sense
that each address defines one, and only one, connection to the Internet.

Address Space
An address space is the total number of addresses used by the protocol. If a protocol uses b bits to
define an address, the address space is 2^b because each bit can have two different values (0 or 1).
IPv4 uses 32-bit addresses, which means that the address space is 2^32 or 4,294,967,296 (more than
four billion). If there were no restrictions, more than 4 billion devices could be connected to the
Internet.

Notation

There are three common notations to show an IPv4 address:

• binary notation (base 2),

• dotted-decimal notation (base 256), and

• hexadecimal notation (base 16).

Hierarchy in Addressing

In any communication network that involves delivery, such as a telephone network or a postal
network, the addressing system is hierarchical. In a postal network, the postal address (mailing
address) includes the country, state, city, street, house number, and the name of the mail recipient.
Similarly, a telephone number is divided into the country code, area code, local exchange, and the
connection.

A 32-bit IPv4 address is also hierarchical, but divided only into two parts. The first part of the
address, called the prefix, defines the network; the second part of the address, called the suffix, defines
the node (connection of a device to the Internet).

The prefix length is n bits and the suffix length is (32 − n) bits.

A prefix can be fixed length or variable length. The network identifier in the IPv4 was first designed
as a fixed-length prefix. This scheme, which is now obsolete, is referred to as classful addressing.
The new scheme, which is referred to as classless addressing, uses a variable-length network prefix.
Classful Addressing
When the Internet started, an IPv4 address was designed with a fixed-length prefix, but to
accommodate both small and large networks, three fixed-length prefixes were designed instead of one
(n = 8, n = 16, and n = 24). The whole address space was divided into five classes (class A, B, C, D,
and E), as shown in Figure 18.18. This scheme is referred to as classful addressing.

Address Depletion

The reason that classful addressing has become obsolete is address depletion. Since the addresses
were not distributed properly, the Internet was faced with the problem of the addresses being rapidly
used up. This resulted in no more addresses available for organizations and individuals that needed to
be connected to the Internet.

To understand the problem, let us think about class A. This class can be assigned to only 128
organizations in the world, but each organization needs to have a single network (seen by the rest of
the world) with 16,777,216 nodes (computers in this single network). Since there may be only a few
organizations that are this large, most of the addresses in this class were wasted (unused).

Class B addresses were designed for midsize organizations, but many of the addresses in this
class also remained unused.

Class C addresses have a completely different flaw in design. The number of addresses that can be
used in each network (256) was so small that most companies were not comfortable using a block in
this address class. Class E addresses were almost never used, wasting the whole class.

In class A, the network length is 8 bits, but since the first bit, which is 0, defines the class, we can
have only seven bits as the network identifier. This means there are only 2^7 = 128 networks in the
world that can have a class A address.
Subnetting and Supernetting

To alleviate address depletion, two strategies were proposed and, to some extent,
implemented: subnetting and supernetting.

In subnetting, a class A or class B block is divided into several subnets. Each subnet has a
larger prefix length than the original network. For example, if a network in class A is
divided into four subnets, each subnet has a prefix of n_sub = 10.

At the same time, if all of the addresses in a network are not used, subnetting allows the
addresses to be divided among several organizations. This idea did not work because most
large organizations were not happy about dividing the block and giving some of the
unused addresses to smaller organizations.

While subnetting was devised to divide a large block into smaller ones, supernetting was
devised to combine several class C blocks into a larger block to be attractive to
organizations that need more than the 256 addresses available in a class C block. This idea
did not work either because it makes the routing of packets more difficult.

Advantage of Classful Addressing


Given an address, we can easily find the class of the address and, since the prefix length for each
class is fixed, we can find the prefix length immediately. In other words, the prefix length in
classful addressing is inherent in the address; no extra information is needed to extract the prefix
and the suffix.
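
The rule above, as an added example that is not part of the original notes: the class and prefix length are read from the leading bits of the address alone, and a class A block split into four subnets gets n_sub = 10. The function names and the sample addresses are assumptions chosen here.

```python
import ipaddress

def classify(address: str):
    """Return (class letter, prefix length) using only the leading bits.

    Classes D and E have no network prefix, so their length is None.
    """
    first = int(ipaddress.IPv4Address(address)) >> 24   # first byte
    if first >> 7 == 0b0:
        return "A", 8
    if first >> 6 == 0b10:
        return "B", 16
    if first >> 5 == 0b110:
        return "C", 24
    if first >> 4 == 0b1110:
        return "D", None
    return "E", None

def classful_block(address: str) -> ipaddress.IPv4Network:
    """The classful network that contains `address` (classes A, B, C only)."""
    cls, n = classify(address)
    if n is None:
        raise ValueError(f"class {cls} addresses have no network prefix")
    # strict=False clears the suffix bits, leaving the network address.
    return ipaddress.ip_network(f"{address}/{n}", strict=False)

def subnet(address: str, count: int):
    """Divide the classful block into `count` equal subnets (a power of two)."""
    if count < 2 or count & (count - 1):
        raise ValueError("count must be a power of two and at least 2")
    extra_bits = (count - 1).bit_length()   # 4 subnets need 2 more prefix bits
    return list(classful_block(address).subnets(prefixlen_diff=extra_bits))

def notations(address: str) -> dict:
    """The three notations listed earlier: binary, dotted-decimal, hexadecimal."""
    value = int(ipaddress.IPv4Address(address))
    bits = format(value, "032b")
    return {
        "binary": " ".join(bits[i:i + 8] for i in range(0, 32, 8)),
        "dotted": str(ipaddress.IPv4Address(value)),
        "hex": f"0x{value:08X}",
    }

if __name__ == "__main__":
    # Constructed sample addresses, one per class.
    for addr in ("10.1.2.3", "172.16.5.9", "192.0.2.1", "224.0.0.1", "240.0.0.1"):
        print(addr, classify(addr), notations(addr)["hex"])
    print([str(n) for n in subnet("10.1.2.3", 4)])
```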

In this chapter, we show how the network layer is implemented in the TCP/IP protocol suite.
The protocols in the network layer have gone through a few versions; in this chapter, we
concentrate on the current version v4.
Communication at the network layer is host-to-host (computer-to-computer); a computer somewhere
in the world needs to communicate with another computer somewhere else in the world through the
Internet.
The packet transmitted by the sending computer may pass through several LANs or WANs before
reaching the destination computer. A global addressing scheme called logical addressing is required
for this communication. The term IP address refers to the logical address in the network layer of the
TCP/IP protocol suite.
Communication at the network layer in the Internet is connectionless. If reliability is important,
IPv4 must be paired with a reliable transport-layer protocol such as TCP.

Position of IPv4 and other network protocols in TCP/IP protocol suite

The network layer in version 4 can be thought of as one main protocol and three auxiliary ones as
shown in Figure 4.1.
• The main protocol, Internet Protocol version 4 (IPv4), is responsible for packetizing,
forwarding, and delivery of a packet at the network layer.
• The Internet Control Message Protocol version 4 (ICMPv4) helps IPv4 to handle some errors
that may occur in the network-layer delivery.
• The Internet Group Management Protocol (IGMP) is used to help IPv4 in multicasting.
• The Address Resolution Protocol (ARP) is used to glue the network and data-link layers in
mapping network-layer addresses to link-layer addresses.
Figure 3.1: Position of IP and other network-layer protocols in TCP/IP protocol suite

Datagram Format
The Internet Protocol version 4 (IPv4) is the delivery mechanism used by the TCP/IP protocols. Packets
used by the IP are called datagrams. A datagram is a variable-length packet consisting of two parts:
header and payload (data). The header is 20 to 60 bytes in length and contains information essential to
routing and delivery. It is customary in TCP/IP to show the header in 4-byte sections.

Figure 3.2: IPv4 Datagram

A brief description of each field is in order:


1. Version Number: The 4-bit version number (VER) field defines the version of the IPv4
protocol, which, obviously, has the value of 4.

2. Header Length: The 4-bit header length (HLEN) field defines the total length of the datagram
header in 4-byte words. The IPv4 datagram has a variable-length header. When a device
receives a datagram, it needs to know when the header stops and the data, which is encapsulated
in the packet, starts. The total length is divided by 4 and the value is inserted in the field. The
receiver needs to multiply the value of this field by 4 to find the total length.
3. Service Type: In the original design of the IP header shown in Fig 4.3, this field was referred
to as type of service (TOS), which defined how the datagram should be handled. In the late
1990s, IETF redefined the field to provide differentiated services (DiffServ).
Figure 3.3: Service Type
Note: The precedence subfield was part of version 4, but never used.
4. Total Length: This 16-bit field defines the total length (header plus data) of the IP datagram
in bytes. A 16-bit number can define a total length of up to 65,535 (when all bits are 1s).
However, the size of the datagram is normally much less than this. This field helps the receiving
device to know when the packet has completely arrived. To find the length of the data coming
from the upper layer, subtract the header length from the total length. The header length can be
found by multiplying the value in the HLEN field by 4.
Note: The total length field defines the total length of the datagram including the header.
5. Identification, Flags, and Fragmentation Offset: These three fields are related to the
fragmentation of the IP datagram when the size of the datagram is larger than the underlying
network can carry.
6. Time-to-live: Due to some malfunctioning of routing protocols (discussed later), a datagram
may be circulating in the Internet, visiting some networks over and over without reaching the
destination. This may create extra traffic in the Internet. The time-to-live (TTL) field is used to
control the maximum number of hops (routers) visited by the datagram. When a source host
sends the datagram, it stores a number in this field. This value is approximately two times the
maximum number of routers between any two hosts. Each router that processes the datagram
decrements this number by one. If this value, after being decremented, is zero, the router
discards the datagram.
7. Protocol: In TCP/IP, the data section of a packet, called the payload, carries the whole packet
from another protocol. A datagram, for example, can carry a packet belonging to any transport-
layer protocol such as UDP or TCP. A datagram can also carry a packet from other protocols
that directly use the service of the IP, such as some routing protocols or some auxiliary
protocols. The Internet authority has given any protocol that uses the service of IP a unique 8-
bit number which is inserted in the protocol field. When the payload is encapsulated in a
datagram at the source IP, the corresponding protocol number is inserted in this field; when the
datagram arrives at the destination, the value of this field helps to define to which protocol the
payload should be delivered. In other words, this field provides multiplexing at the source and
demultiplexing at the destination.

Table Protocol values

Figure 3.4: Multiplexing and demultiplexing using the value of the protocol field
8. Header checksum: IP is not a reliable protocol; it does not check whether the payload carried
by a datagram is corrupted during the transmission. IP puts the burden of error checking of the
payload on the protocol that owns the payload, such as UDP or TCP.
The datagram header, however, is added by IP, and its error-checking is the responsibility of
IP. Errors in the IP header can be a disaster. For example, if the destination IP address is
corrupted, the packet can be delivered to the wrong host. If the protocol field is corrupted, the
payload may be delivered to the wrong protocol. If the fields related to the fragmentation are
corrupted, the datagram cannot be reassembled correctly at the destination, and so on. For these
reasons, IP adds a header checksum field to check the header, but not the payload. We need to
remember that, since the value of some fields, such as TTL, which are related to fragmentation
and options, may change from router to router, the checksum needs to be recalculated at each
router. Checksum in the Internet normally uses a 16-bit field, which is the complement of the
sum of other fields calculated using 1s complement arithmetic.

9. Source and Destination Addresses: These 32-bit source and destination address fields define
the IP address of the source and destination respectively. The source host should know its IP
address. The destination IP address is either known by the protocol that uses the service of IP
or is provided by the DNS. Note that the value of these fields must remain unchanged during
the time the IP datagram travels from the source host to the destination host.
10. Options: A datagram header can have up to 40 bytes of options. Options can be used for
network testing and debugging. Although options are not a required part of the IP header, option
processing is required of the IP software. This means that all implementations must be able to
handle options if they are present in the header. The existence of options in a header creates
some burden on the datagram handling; some options can be changed by routers, which forces
each router to recalculate the header checksum. There are one-byte and multi-byte options.
11. Payload: Payload, or data, is the main reason for creating a datagram. Payload is the packet
coming from other protocols that use the service of IP. Comparing a datagram to a postal
package, payload is the content of the package; the header is only the information written on
the package.

Example 1:
An IPv4 packet has arrived with the first 8 bits as shown: 01000010
The receiver discards the packet. Why?
Solution
There is an error in this packet. The 4 leftmost bits (0100) show the version, which is correct. The
next 4 bits (0010) show an invalid header length (2 × 4 = 8). The minimum number of bytes in the
header must be 20. The packet has been corrupted in transmission.
Example 2
In an IPv4 packet, the value of HLEN is 1000 in binary. How many bytes of options are being carried
by this packet?
Solution
The HLEN value is 8, which means the total number of bytes in the header is 8 × 4, or 32 bytes. The
first 20 bytes are the base header, the next 12 bytes are the options.
Example 3
Solution
The HLEN value is 5, which means the total number of bytes in the header is 5 × 4, or 20 bytes (no
options). The total length is 40 bytes, which means the packet is carrying 20 bytes of data (40 − 20).
Example 4
An IPv4 packet has arrived with the first few hexadecimal digits as shown.
0x45000028000100000102 . . .
How many hops can this packet travel before being dropped? The data belong to what upper-layer
protocol?
Solution
To find the time-to-live field, we skip 8 bytes. The time-to-live field is the ninth byte, which is 01. This
means the packet can travel only one hop. The protocol field is the next byte (02), which means that
the upper-layer protocol is IGMP.
Example 6
An IPv4 packet has arrived with the header decimal digits as shown below. Calculate the checksum
for this header
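
The header fields and the checks used in the examples above can be exercised in code. The following parser is an added example, not part of the original notes: it validates VER, HLEN, the total length and the header checksum. The sample header is constructed from the ten bytes of Example 4 plus a computed checksum and documentation-range addresses (192.0.2.1, 198.51.100.7), which are assumptions chosen here.

```python
import socket
import struct

PROTOCOLS = {1: "ICMP", 2: "IGMP", 6: "TCP", 17: "UDP", 89: "OSPF"}

def internet_checksum(data: bytes) -> int:
    """Complement of the 1s-complement sum of the 16-bit words in `data`."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:                       # wrap carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def with_checksum(header: bytes) -> bytes:
    """Return `header` with its checksum field (bytes 10-11) recomputed."""
    zeroed = header[:10] + b"\x00\x00" + header[12:]
    return header[:10] + struct.pack("!H", internet_checksum(zeroed)) + header[12:]

def parse_ipv4_header(packet: bytes) -> dict:
    """Parse the IPv4 header at the start of `packet`; raise ValueError if invalid."""
    if len(packet) < 20:
        raise ValueError("truncated: fewer than 20 bytes")
    (ver_hlen, service, total_len, ident, flags_off,
     ttl, proto, _checksum, src, dst) = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    version, hlen = ver_hlen >> 4, ver_hlen & 0x0F
    if version != 4:
        raise ValueError(f"not IPv4: version {version}")
    header_len = hlen * 4                    # HLEN counts 4-byte words
    if header_len < 20:
        raise ValueError(f"invalid header length {header_len} (minimum is 20)")
    if len(packet) < header_len:
        raise ValueError("truncated: options missing")
    if total_len < header_len:
        raise ValueError("total length smaller than header length")
    # Summing a header that includes a correct checksum gives all 1s,
    # so the complement is 0.
    if internet_checksum(packet[:header_len]) != 0:
        raise ValueError("header checksum mismatch")
    return {
        "header_len": header_len,
        "options_len": header_len - 20,
        "total_len": total_len,
        "data_len": total_len - header_len,
        "ident": ident,
        "dont_fragment": bool(flags_off & 0x4000),   # D bit
        "more_fragments": bool(flags_off & 0x2000),  # M bit
        "offset": flags_off & 0x1FFF,                # in 8-byte units
        "ttl": ttl,
        "protocol": PROTOCOLS.get(proto, str(proto)),
        "src": socket.inet_ntoa(src),
        "dst": socket.inet_ntoa(dst),
    }

# Constructed sample: bytes 0-9 are Example 4 (0x45000028000100000102);
# the checksum is computed here and the addresses are assumptions.
SAMPLE_HEADER = with_checksum(
    bytes.fromhex("45000028000100000102") + b"\x00\x00"
    + socket.inet_aton("192.0.2.1") + socket.inet_aton("198.51.100.7"))

if __name__ == "__main__":
    print(parse_ipv4_header(SAMPLE_HEADER))
```

A header whose checksum no longer matches (for instance after a bit error in the destination address) is rejected rather than delivered to the wrong host.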
Fragmentation
A datagram can travel through different networks. Each router decapsulates the IP datagram from the
frame it receives, processes it, and then encapsulates it in another frame. The format and size of the
received (or sent) frames depend on the protocol used by the physical network through which the frame
has just travelled (or is going to travel). For example, if a router connects a LAN to a WAN, it receives a
frame in the LAN format and sends a frame in the WAN format.

Figure 3.5: Encapsulation of a small datagram in an Ethernet frame

Maximum transfer unit (MTU)


Each link-layer protocol has its own frame format. One of the features of each format is the maximum
size of the payload that can be encapsulated. In other words, when a datagram is encapsulated in a
frame, the total size of the datagram must be less than this maximum size, which is defined by the
restrictions imposed by the hardware and software used in the network.

Figure 3.6: Maximum transfer unit (MTU)

In order to make the IP protocol independent of the physical network, the designers decided to make
the maximum length of the IP datagram equal to 65,535 bytes. This makes transmission more efficient
if one day we use a link-layer protocol with an MTU of this size. However, for other physical networks,
we must divide the datagram to make it possible for it to pass through these networks. This is called
fragmentation. When a datagram is fragmented, each fragment has its own header with most of the
fields repeated, but some have been changed.
A fragmented datagram may itself be fragmented if it encounters a network with an even smaller MTU.
In other words, a datagram may be fragmented several times before it reaches the final destination. A
datagram can be fragmented by the source host or any router in the path. The reassembly of the
datagram, however, is done only by the destination host, because each fragment becomes an
independent datagram.
Table 4.1 MTUs for some networks
Fields Related to Fragmentation
Three fields in an IP datagram are related to fragmentation: identification, flags, and
fragmentation offset.
When a datagram is fragmented, the value in the identification field is copied into all fragments. In
other words, all fragments have the same identification number, which is also the same as the original
datagram. The identification number helps the destination in reassembling the datagram. It knows that
all fragments having the same identification value should be assembled into one datagram.

Flags used in fragmentation


When the payload of the IP datagram is fragmented, most parts of the header, with the exception of
some options, must be copied by all fragments. The host or router that fragments a datagram must
change the values of three fields: flags, fragmentation offset, and total length. The value of the checksum
must be recalculated regardless of fragmentation.

Figure 3.7 Flags in fragmentation


The leftmost bit is reserved (not used). The second bit (D bit) is called the do not fragment bit. If its
value is 1, the machine must not fragment the datagram. If it cannot pass the datagram through any
available physical network, it discards the datagram and sends an ICMP error message to the source
host (discussed later). If its value is 0, the datagram can be fragmented if necessary. The third bit (M
bit) is called the more fragment bit. If its value is 1, it means the datagram is not the last fragment; there
are more fragments after this one. If its value is 0, it means this is the last or only fragment.

Fragmentation offset
The 13-bit fragmentation offset field shows the relative position of this fragment with respect to the
whole datagram. It is the offset of the data in the original datagram measured in units of 8 bytes.
Fragmentation example
Figure 4.8 shows a datagram with a data size of 4000 bytes fragmented into three fragments. The bytes
in the original datagram are numbered 0 to 3999. The first fragment carries bytes 0 to 1399. The offset
for this datagram is 0/8 = 0. The second fragment carries bytes 1400 to 2799; the offset value for this
fragment is 1400/8 = 175. Finally, the third fragment carries bytes 2800 to 3999. The offset value for
this fragment is 2800/8 = 350.

Figure 3.8 A fragmentation example


Detailed fragmentation example
The value of the offset is measured in units of 8 bytes. This is done because the offset field
is only 13 bits long and cannot represent a sequence of bytes greater than 8191. This forces hosts or
routers that fragment datagrams to choose the size of each fragment so that the first byte number is
divisible by 8. Figure 4.9 shows an expanded view of the fragments in the previous figure. The original
packet starts at the client; the fragments are reassembled at the server. The value of the identification
field is the same in all fragments, as is the value of the flags field with the more bit set for all fragments
except the last. Also, the value of the offset field for each fragment is shown. Note that although the
fragments arrived out of order at the destination, they can be correctly reassembled.

Figure 3.9 Detailed fragmentation example - Expanded view

Example: A packet has arrived with an M bit value of 0. Is this the first fragment, the last fragment, or a middle
fragment? Do we know if the packet was fragmented?
Solution: If the M bit is 0, it means that there are no more fragments; the fragment is the last one.
However, we cannot say if the original packet was fragmented or not. A non-fragmented packet is
considered the last fragment.

Example: A packet has arrived with an M bit value of 1. Is this the first fragment, the last fragment, or
a middle fragment? Do we know if the packet was fragmented?
Solution: If the M bit is 1, it means that there is at least one more fragment. This fragment can be the
first one or a middle one, but not the last one. We don’t know if it is the first one or a middle one; we
need more information (the value of the fragmentation offset).

Example: A packet has arrived with an M bit value of 1 and a fragmentation offset value of 0. Is this
the first fragment, the last fragment, or a middle fragment?
Solution: Because the M bit is 1, it is either the first fragment or a middle one. Because the offset value
is 0, it is the first fragment.

Example: A packet has arrived in which the offset value is 100. What is the number of the first byte? Do
we know the number of the last byte?
Solution: To find the number of the first byte, we multiply the offset value by 8. This means that the
first byte number is 800. We cannot determine the number of the last byte unless we know the length
of the data.

Example: A packet has arrived in which the offset value is 100, the value of HLEN is 5, and the value
of the total length field is 100. What are the numbers of the first byte and the last byte?
Solution: The first byte number is 100 × 8 = 800. The total length is 100 bytes, and the header length is
20 bytes (5 × 4), which means that there are 80 bytes in this datagram. If the first byte number is 800,
the last byte number must be 879.
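
The offset arithmetic and the reassembly rules above, as an added example that is not part of the original notes: it splits the 4000-byte payload of the fragmentation example, then reassembles fragments that arrive out of order while rejecting gaps and overlaps. The 1420-byte MTU (20-byte header plus 1400 data bytes), the Fragment class and the function names are assumptions chosen here.

```python
from dataclasses import dataclass

HEADER_LEN = 20          # assumption: base header, no options
MAX_DATAGRAM = 65535     # largest value of the 16-bit total length field

@dataclass(frozen=True)
class Fragment:
    ident: int           # identification, copied into every fragment
    more: bool           # M bit
    offset: int          # fragmentation offset, in units of 8 bytes
    data: bytes

    @property
    def total_length(self) -> int:
        return HEADER_LEN + len(self.data)

def fragment(ident: int, payload: bytes, mtu: int) -> list:
    """Split `payload` so that each fragment (header included) fits in `mtu`."""
    if HEADER_LEN + len(payload) > MAX_DATAGRAM:
        raise ValueError("datagram longer than 65,535 bytes")
    # Every fragment except the last must carry a multiple of 8 bytes,
    # otherwise the next first-byte number is not divisible by 8.
    max_data = (mtu - HEADER_LEN) // 8 * 8
    if max_data <= 0:
        raise ValueError("MTU too small to carry any data")
    if not payload:
        return [Fragment(ident, False, 0, b"")]
    frags = []
    for start in range(0, len(payload), max_data):
        chunk = payload[start:start + max_data]
        more = start + len(chunk) < len(payload)
        frags.append(Fragment(ident, more, start // 8, chunk))
    return frags

def byte_range(offset: int, hlen: int, total_length: int):
    """First and last byte numbers carried by a fragment (last worked example)."""
    first = offset * 8
    data_len = total_length - hlen * 4
    return first, first + data_len - 1

def reassemble(frags: list) -> bytes:
    """Rebuild the payload from fragments received in any order."""
    if not frags:
        raise ValueError("no fragments")
    if len({f.ident for f in frags}) != 1:
        raise ValueError("fragments carry different identification values")
    ordered = sorted(frags, key=lambda f: f.offset)
    last = [f for f in ordered if not f.more]
    if len(last) != 1 or last[0] is not ordered[-1]:
        raise ValueError("last fragment (M = 0) missing or misplaced")
    out = bytearray()
    for f in ordered:
        first = f.offset * 8
        if first > len(out):
            raise ValueError(f"gap: bytes {len(out)}-{first - 1} not received")
        if first < len(out):
            raise ValueError(f"overlap at byte {first}")
        if f.more and len(f.data) % 8:
            raise ValueError("non-final fragment is not a multiple of 8 bytes")
        out += f.data
    return bytes(out)

if __name__ == "__main__":
    payload = bytes(i % 251 for i in range(4000))       # constructed sample data
    frags = fragment(0x3039, payload, mtu=1420)
    for f in frags:
        print(f.offset, f.more, f.total_length)
    shuffled = [frags[2], frags[0], frags[1]]           # arrival out of order
    print(reassemble(shuffled) == payload)
```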

Options
The header of the IPv4 datagram is made of two parts: a fixed part and a variable part. The fixed part is
20 bytes long and was discussed in the previous section. The variable part comprises the options that
can be a maximum of 40 bytes (in multiples of 4 bytes) to preserve the boundary of the header. Options,
as the name implies, are not required for a datagram. They can be used for network testing and
debugging.
Taxonomy of options in IPv4

Figure 3.10: Classification of Options


I. Single-Byte Options: There are two single-byte options.
a) No Operation: A no-operation option is a 1-byte option used as a filler between options.
b) End of Option: An end-of-option option is a 1-byte option used for padding at the end of the
option field. It, however, can only be used as the last option.
II. Multiple-Byte Options: There are four multiple-byte options.
a) Record Route: A record route option is used to record the Internet routers that handle the
datagram. It can list up to nine router addresses. It can be used for debugging and management
purposes.
b) Strict Source Route: A strict source route option is used by the source to predetermine a route
for the datagram as it travels through the Internet. Here, the sender can choose a route with a
specific type of service, such as minimum delay or maximum throughput. Alternatively, it may
choose a route that is safer or more reliable for the sender’s purpose. For example, a sender can
choose a route so that its datagram does not travel through a competitor’s network. If a datagram
specifies a strict source route, all the routers defined in the option must be visited by the
datagram.
c) Loose Source Route: A loose source route option is similar to the strict source route, but it is
less rigid. Each router in the list must be visited, but the datagram can visit other routers as well.
d) Timestamp: A timestamp option is used to record the time of datagram processing by a router.
The time is expressed in milliseconds from midnight, Universal time or Greenwich mean time.
Knowing the time a datagram is processed can help users and managers track the behavior of
the routers in the Internet.
Security of IPv4 Datagrams
The IPv4 protocol, as well as the whole Internet, was started when the Internet users trusted each other.
No security was provided for the IPv4 protocol. Today, however, the situation is different; the Internet
is not secure anymore. There are three security issues that are particularly applicable to the IP protocol:
packet sniffing, packet modification, and IP spoofing.
Packet Sniffing: An intruder may intercept an IP packet and make a copy of it. Packet sniffing is a
passive attack, in which the attacker does not change the contents of the packet. This type of attack is
very difficult to detect because the sender and the receiver may never know that the packet has been
copied. Although packet sniffing cannot be stopped, encryption of the packet can make the attacker’s
effort useless. The attacker may still sniff the packet, but the content is not detectable.
Packet Modification: The second type of attack is to modify the packet. The attacker intercepts the
packet, changes its contents, and sends the new packet to the receiver. The receiver believes that the
packet is coming from the original sender. This type of attack can be detected using a data integrity
mechanism. The receiver, before opening and using the contents of the message, can use this mechanism
to make sure that the packet has not been changed during the transmission.
IP Spoofing: An attacker can masquerade as somebody else and create an IP packet that carries the
source address of another computer. An attacker can send an IP packet to a bank pretending that it is
coming from one of the customers.

IPSec: The IP packets today can be protected from the previously mentioned attacks using a protocol
called IPSec (IP Security).

ICMPv4
The IPv4 has no error-reporting or error-correcting mechanism. The IP protocol also lacks a mechanism
for host and management queries. A host sometimes needs to determine if a router or another host is
alive. And sometimes a network manager needs information from another host or router.

The Internet Control Message Protocol version 4 (ICMPv4) has been designed to compensate for the
above two deficiencies. It is a companion to the IP protocol. ICMP itself is a network-layer protocol.
However, its messages are not passed directly to the data-link layer as would be expected. Instead, the
messages are first encapsulated inside IP datagrams before going to the lower layer. When an IP
datagram encapsulates an ICMP message, the value of the protocol field in the IP datagram is set to 1
to indicate that the IP payload is an ICMP message.

Unicast Routing: Introduction, Routing Algorithms: Distance Vector Routing, Link State Routing,
Path Vector routing
