5. "Fragment Offset" field

You can change the value of the "Fragment Offset" field. The best option is when the DF flag is set to "0," since the fragmentation strategy is designed so that an unfragmented datagram in all fields related to fragmentation has zero values. This means, despite the fact that the flag prevents fragmentation, we can still implement it in the offset of the fragment, but the fact of identification of the manipulation becomes more detectable.

6. "Source Address" field

You can change the "Source Address" field value.


IPv4-in IPv6 headers can be encapsulated using the IPv4 Destination Address field to insert information into it. In this case, the IPv6 header will be responsible for delivering the package.

9. "Options" field

The value of the options field is limited in the IPv4 header, and as a result of the analysis, we are trying to determine any field value that may appear in this type of field. So we may try to determine the incorrect significant of this field, the appearance of which indicates the possible malicious activity on the injection of information.

10."Padding" field

This field goes after value 0x00 of the "Options" field; the value is the EOL and takes up to 32-bit header boundaries. The interest in this manipulation is that after the optional EOL, the equipment does not examine headers on 32-bit boundaries; this means that these bytes are invisible to network devices and sniffer. Although the analysis of this field is simple enough, the EOL up to 32-bit header boundaries must be set to "0" at the standard behind the "Options" field, causing any other value of this field to indicate that the data is being injected.
