**2.3 Header of IPv4**

*Computer and Network Security*

extract the key.

12 bytes our key.

**2.1 Intercomputer exchange**

protocols (TCP and UDP).

manipulation.

**2.2 IPv4**

RFC791.

Interconnection (OSI) reference model.

when creating and sending the package.

changes in the package, in case the package is not fragmented, but it should not be, since by condition we need to know the minimum MTU value and not exceed it

At the "Identifier" field, 16 bits is available to us for adding a steganogram; the information in it is displayed in the form of four numbers in hexadecimal number system. Thus, we have 65,535 possible values that can be used both for transmitting the steganogram and for the key, which in turn is also a steganogram. In order not to transmit the key in such an explicit form, it is proposed to use only three numbers out of four, while reading them from right to left. In this case, the number can be odd with its standard reading from left to right. The fourth unused number can take any value. Thus, we can use only 16 of the 17 bits available in a packet. It is proposed to use the second bit in the "Flags" field—DF—as a specific label, the presence of which allows you to expand the key extraction algorithm: whether you need to read the value from the first or from the second number in the "Identifier" field to

Thus, the next step is to enter (inv (z)) 16 in the "Identifier" field of the IP header. At the same time, we must set the value of "1" to the second bit in the "Flags" field if we enter the key in the first 12 bytes of the "Identifier" field or 0 if we fill the first 4 bytes of the field with random values and in the remaining

Next, we send a packet with modified fields to the recipient, where he must carry out the procedure inversely described in the framework of this algorithm [8].

Since the "Identifier" field in the IP header can contain 16 bits of information, 1 bit is available in the "Flags" field, and in the "Sequence number" field, a 32-bit information is available in the TCP header; we can conclude that the total throughput of steganography is 49 bits. But it should be noted that in this method we use the "Identifier" field to transmit the encrypted key in the steganogram, which is used to extract secret information from the "Sequence number" field, and the bit in the "Flags" field is used as a label. Thus, to transfer the encrypted key, we allocate 12 bits of information available in the "Identifier" field, and in the remaining 4 bits, we enter a random number from 0 to 16 in the hexadecimal number system (from 1 to F) and use 1 bit as a label, necessary for more organization more flexible operation of the algorithm. Based on this, we can conclude that for transmitting specific information, we have 32 bits left in the "Sequence number" field, and 3 bits of secret information can be transmitted,

We calculate the bandwidth of the proposed method.

which is encrypted in 32 bits of information hiding the secret.

The exchange of computer networks is based on the Open System

Studying hidden information flows with computer interaction on networks of interest will include information about the services that are added to the network traffic data. As part of the protocol, headings are assessed at two levels: network and transport. We will address network protocols (IPv4 and IPv6) and transport

Further, we are considering the reports and the possibility of more detailed

IPv4 is the most popular protocol of network level; see more information in

**76**

The format of IPv4 header is presented in **Figure 1**. IPv4 header field analysis shows the following results:


Bits from 0 to 2 are set for priority and 6 to 7 set to reserved.


The value "111" should not appear on the networks of provider; it could be appearing only for local networks, which leads to the point that the capture of this value in the network provider is a mark of malicious information injection.


By default, these bits are reserved and must be set to 0; the result is that the other value is possible injection information.

3. "Identification" field

You can change the value of the identification field. The point is that the field is used to build correctly after fragmentation, but there is a DF flag that rejects fragment packets, so if the flag is set to "1" this ID is not required, and this field could be used to pass hidden information.

4. "Flags" field

As the standard requires, the first bit is reserved and should be set to "0"; if the result is different, it is mark of injection information.

