Packet structure | Cyber Security Tutorial - Learn with VOKS

Packet structure


Introduction to packet structure

When data travels across a network (like the internet), it is not sent as one large block. Instead, it is broken into smaller pieces called packets.

A packet is a small unit of data that contains:

  1. Control information (where it is going, where it came from, error checking, etc.)
  2. The actual data being sent (called the payload)

You can think of a packet like a mailed package:

  • The box = the packet
  • The label (addresses, tracking info) = header
  • The item inside = payload

Understanding packet structure helps you understand how networks actually work behind the scenes.

Basic parts of a packet

Most network packets have three main parts:

  1. Header
  2. Payload (data)
  3. Trailer (sometimes)

Header:

Contains control information such as source address, destination address, protocol, and other metadata.

Payload:

Contains the actual message or data being transmitted (for example, part of a webpage).

Trailer:

Used mainly for error checking (for example, the checksum in Ethernet frames).

Packet structure in the TCP/IP model

The internet uses a layered design called the TCP/IP model. Each layer adds its own header.

The main layers are:

  • Application layer
  • Transport layer
  • Internet layer
  • Network access layer

Each layer wraps data from the layer above. This process is called encapsulation.

Encapsulation explained simply

Imagine putting a letter into:

  1. A small envelope (application data)
  2. Then into a bigger envelope (transport layer header added)
  3. Then into a shipping box (internet layer header added)
  4. Then labeled for delivery (network access layer header added)

When the packet arrives, the receiver removes each layer in reverse order. This is called decapsulation.

Internet Protocol (IP) packet structure

The Internet Protocol (IP) is responsible for delivering packets from one device to another using IP addresses.

An IPv4 header typically contains:

  • Version (4 bits)
  • Header length
  • Total length
  • Identification
  • Flags
  • Time to live (TTL)
  • Protocol (TCP or UDP)
  • Source IP address
  • Destination IP address
  • Header checksum

After the IP header comes the transport layer data (TCP or UDP).

Example structure:

IP header | transport header | application data

TCP segment structure

The Transmission Control Protocol (TCP) adds its own header before the data.

A TCP header contains:

  • Source port
  • Destination port
  • Sequence number
  • Acknowledgment number
  • Flags (SYN, ACK, FIN, etc.)
  • Window size
  • Checksum
  • Urgent pointer

Example layout:

TCP header | application data

When combined with IP:

IP header | TCP header | data

UDP datagram structure

The User Datagram Protocol (UDP) has a much simpler header.

A UDP header contains:

  • Source port
  • Destination port
  • Length
  • Checksum

Example layout:

UDP header | application data

When combined with IP:

IP header | UDP header | data

UDP packets are smaller and simpler than TCP packets.

Example of packet structure visually

A simplified representation:

| IP header | TCP header | application data |

Or for UDP:

| IP header | UDP header | application data |

Each header adds extra bytes. This extra information is called overhead.

Real-world example: visiting a website

When you visit a secure website:

  1. Your browser creates HTTP data.
  2. TCP adds its header (ports, sequence numbers).
  3. IP adds its header (source/destination IP).
  4. Ethernet adds its frame header and trailer.
  5. The packet is sent across the network.

At the receiving server:

  1. Ethernet header removed.
  2. IP header removed.
  3. TCP header removed.
  4. Application receives the HTTP data.

This layered process makes network communication organized and reliable.

Simple Python example: building a fake packet

Below is a simplified example of how a packet might be represented in code. This is only for understanding structure, not real packet transmission.

# Build a dictionary that mimics the key fields of an IPv4 header.
def create_fake_ip_header(source_ip, dest_ip):
    version = 4          # IPv4
    header_length = 5    # in 32-bit words (5 x 4 = 20 bytes, no options)
    ttl = 64             # time to live
    protocol = 6  # tcp
    checksum = 0         # placeholder; not calculated in this example

    return {
        "version": version,
        "header_length": header_length,
        "ttl": ttl,
        "protocol": protocol,
        "source_ip": source_ip,
        "dest_ip": dest_ip,
        "checksum": checksum
    }

# Build a dictionary that mimics the key fields of a TCP header.
def create_fake_tcp_header(source_port, dest_port):
    sequence_number = 1
    ack_number = 0
    flags = "SYN"        # first segment of a new connection

    return {
        "source_port": source_port,
        "dest_port": dest_port,
        "sequence_number": sequence_number,
        "ack_number": ack_number,
        "flags": flags
    }

# Group the IP header, TCP header and application data into one "packet".
def create_packet(source_ip, dest_ip, source_port, dest_port, data):
    ip_header = create_fake_ip_header(source_ip, dest_ip)
    tcp_header = create_fake_tcp_header(source_port, dest_port)

    packet = {
        "ip_header": ip_header,
        "tcp_header": tcp_header,
        "data": data
    }

    return packet

packet = create_packet("192.168.1.2", "93.184.216.34", 12345, 80, "GET / HTTP/1.1")
print(packet)

This example shows how headers and data are grouped together logically.

Why packet structure is important

Packet structure is important because:

  • Routers use IP headers to forward packets.
  • Firewalls inspect headers to allow or block traffic.
  • TCP uses sequence numbers to ensure correct order.
  • Checksums detect errors.
  • Ports allow correct application delivery.

Without structured packets, network communication would be chaotic.
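
The dictionaries in the Python example group fields logically; on the wire the same fields are packed bytes. The following added example (not part of the original tutorial) packs an IPv4 and a TCP header with struct, then parses the bytes back the way a firewall or sniffer would, rejecting truncated or corrupted headers. The identification value, window size and the zero TCP checksum are constructed simplifications.

```python
import socket
import struct

IP_FMT = "!BBHHHBBH4s4s"   # IPv4 header without options: 20 bytes
TCP_FMT = "!HHIIBBHHH"     # TCP header without options: 20 bytes

def ip_checksum(header: bytes) -> int:
    """One's-complement sum of 16-bit words (header length is always even)."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_packet(src, dst, sport, dport, payload: bytes) -> bytes:
    """Encapsulate: payload -> TCP header -> IPv4 header."""
    # seq=1, ack=0, data offset=5 words, SYN flag; TCP checksum left 0 (simplification)
    tcp = struct.pack(TCP_FMT, sport, dport, 1, 0, 5 << 4, 0x02, 65535, 0, 0)
    fields = [0x45, 0, 40 + len(payload), 0x1234, 0, 64, 6, 0,
              socket.inet_aton(src), socket.inet_aton(dst)]
    fields[7] = ip_checksum(struct.pack(IP_FMT, *fields))
    return struct.pack(IP_FMT, *fields) + tcp + payload

def parse_packet(raw: bytes) -> dict:
    """Decapsulate, rejecting truncated, malformed or corrupted headers."""
    if len(raw) < 20:
        raise ValueError("truncated IPv4 header")
    (ver_ihl, _tos, total_len, _ident, _frag, ttl, proto, _csum,
     src, dst) = struct.unpack(IP_FMT, raw[:20])
    ihl = (ver_ihl & 0x0F) * 4          # header length field is in 32-bit words
    if ver_ihl >> 4 != 4 or ihl < 20 or not ihl <= total_len <= len(raw):
        raise ValueError("malformed IPv4 header")
    if ip_checksum(raw[:ihl]) != 0:     # an intact header checksums to zero
        raise ValueError("bad IPv4 header checksum")
    info = {"src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst),
            "ttl": ttl, "protocol": proto}
    if proto == 6:                      # TCP
        seg = raw[ihl:total_len]
        if len(seg) < 20:
            raise ValueError("truncated TCP header")
        sport, dport, seq, _ack, off, flags = struct.unpack("!HHIIBB", seg[:14])
        data_off = (off >> 4) * 4
        if not 20 <= data_off <= len(seg):
            raise ValueError("malformed TCP data offset")
        info.update(sport=sport, dport=dport, seq=seq,
                    syn=bool(flags & 0x02), payload=seg[data_off:])
    return info

raw = build_packet("192.168.1.2", "93.184.216.34", 12345, 80, b"GET / HTTP/1.1")
print(len(raw), parse_packet(raw))
```

The 14-byte request travels in a 54-byte packet: the two 20-byte headers are the overhead described earlier.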
