
具重組性低儲存量複合式封包溯源機制

Fragmentation Compatible Hybrid IP Traceback with Low Storage Requirements

Advisor: 楊明豪

Abstract


The Internet has developed rapidly in recent years and network-related applications are widespread, but this growth has also produced many network security problems. Because an attacker can forge the source IP to hide their location and launch attacks, finding the attacker is quite difficult. Many studies have proposed various packet traceback mechanisms. Packet logging mechanisms need only a single packet to trace the attacker, but they require a large amount of storage space; packet marking mechanisms do not need to store packet information on routers, but they must collect a large number of attack packets; hybrid packet traceback mechanisms combine packet logging and packet marking, achieving single-packet tracing while reducing the storage routers need for logging. Depending on how they log, hybrid schemes fall into two classes: those that log packet digests and those that log path information. The storage of digest-logging methods grows with the number of packets, whereas the storage of the other class is bounded by the number of paths. In this thesis we propose a low-storage hybrid packet traceback mechanism that logs path information and uses a 16-bit mark. We compare it with the existing path-logging hybrid schemes RIHT and HAHIT. Neither RIHT nor HAHIT is affected by the number of packets; however, the former uses a 32-bit marking mechanism and suffers from packet reassembly problems, while the latter uses a 16-bit marking mechanism that solves the reassembly problem but requires more storage than the former. Besides the advantages of single-packet traceback, independence from packet count, and a 16-bit marking mechanism that solves the packet reassembly problem, our method also improves the logging mechanism and its storage: in the worst case our storage is 66% lower than HAHIT's, and in the average case our storage requirement is even lower than that of RIHT, which uses a 32-bit packet marking field.

Abstract (English)


Internet technology has been widely applied in many areas in the past decades, and its security issues have therefore attracted more and more concern. Because adversaries may spoof their source IPs and launch attacks, many traceback schemes have been proposed to identify the attack source. Packet logging uses only one packet to achieve IP traceback, but it requires much storage. Packet marking does not need to store any packet information on the routers, but it has to collect a large number of attack packets. Hybrid IP traceback schemes combine the two methods, using only one packet for traceback and reducing the storage requirements during packet logging. Current hybrid IP traceback schemes have two logging methods: logging of packet digests and logging of route information. While the first method's storage requirements increase with the number of packets, the second method's storage requirements are bounded by the number of routes. Thus, we propose a 16-bit hybrid IP traceback scheme with low storage requirements. We analyze and compare the current related schemes RIHT and HAHIT. Neither scheme's performance is affected by packet numbers. But RIHT's marking field takes 32 bits and may lead to the failure of packet re-assembly. HAHIT uses 16 bits as its marking field to prevent that failure but pushes up its storage requirements. The main contributions of our scheme are: it uses only one single packet for traceback; its performance is not affected by packet numbers; it is fragment compatible; and it improves the logging method and decreases the storage requirements. Compared with HAHIT in the worst case, ours can decrease the storage requirements by 66%. In the average case, we can even keep our storage requirements lower than those of RIHT, whose marking field takes 32 bits.
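The two logging methods the abstracts contrast can be made concrete with a small simulation. The following Python is an added illustration and is not code from the thesis, nor the RIHT or HAHIT algorithms: one router class logs a digest of every packet it forwards, the other logs only (previous mark, upstream interface) pairs and carries the entry index in a 16-bit mark, so a single delivered packet is enough to walk the path back hop by hop. The topology, interface names, packet payloads and digest length are all constructed for the example.

```python
"""Simulation of digest logging versus route-information logging for hybrid IP traceback.

Added example, not the thesis's scheme. Router names, paths and packets are constructed.
"""
import hashlib
from dataclasses import dataclass

MARK_BITS = 16                       # width of the marking field in the 16-bit scheme
MARK_UNMARKED = 0                    # reserved value: packet has not been marked yet
MAX_ENTRIES = (1 << MARK_BITS) - 1   # usable entry numbers 1 .. 65535


@dataclass
class Packet:
    src: str                         # claimed (possibly spoofed) source address
    payload: bytes
    mark: int = MARK_UNMARKED


class DigestLoggingRouter:
    """Logs a short digest of every forwarded packet: storage grows with packet count."""

    def __init__(self, name):
        self.name = name
        self.digests = set()

    def forward(self, pkt, upstream_if):
        h = hashlib.sha256(upstream_if.encode() + pkt.src.encode() + pkt.payload).digest()
        self.digests.add(h[:8])      # constructed 64-bit digest per packet

    def storage(self):
        return len(self.digests)


class RouteLoggingRouter:
    """Logs (previous mark, upstream interface) pairs; the entry number becomes the new mark."""

    def __init__(self, name):
        self.name = name
        self.index = {}              # (prev_mark, upstream_if) -> entry number
        self.entries = [None]        # entry number -> (prev_mark, upstream_if); slot 0 reserved

    def forward(self, pkt, upstream_if):
        key = (pkt.mark, upstream_if)
        if key not in self.index:    # storage grows only with distinct upstream paths
            if len(self.entries) > MAX_ENTRIES:
                raise OverflowError(f"{self.name}: 16-bit mark space exhausted")
            self.index[key] = len(self.entries)
            self.entries.append(key)
        pkt.mark = self.index[key]
        assert 0 < pkt.mark <= MAX_ENTRIES   # the mark always fits the 16-bit field

    def storage(self):
        return len(self.entries) - 1


def run(paths, packets_per_path, router_cls):
    """Forward packets along each path (first element is the attacker, the rest are routers).

    Returns (routers, delivered_packets); delivered packets keep their final mark.
    """
    routers = {}
    for path in paths:
        for hop in path[1:]:
            routers.setdefault(hop, router_cls(hop))
    delivered = []
    for path in paths:
        for i in range(packets_per_path):
            # every packet claims the same spoofed source; payloads are distinct
            pkt = Packet(src="10.0.0.1", payload=f"{path[0]}-{i}".encode())
            prev = path[0]
            for hop in path[1:]:
                routers[hop].forward(pkt, prev)
                prev = hop
            delivered.append(pkt)
    return routers, delivered


def traceback(routers, last_router, mark):
    """Reconstruct the path from one packet's mark by walking route-logging tables backwards."""
    hops = [last_router]
    router = last_router
    while True:
        prev_mark, upstream_if = routers[router].entries[mark]
        hops.append(upstream_if)
        if prev_mark == MARK_UNMARKED:
            return hops[::-1]        # upstream_if is the ingress where the attack entered
        router, mark = upstream_if, prev_mark


PATHS = [["attackerA", "R1", "R2", "R3"], ["attackerB", "R2", "R3"]]   # constructed topology


def storage_totals(packets_per_path):
    """Per-router storage for both methods after sending packets_per_path packets on each path."""
    digest, _ = run(PATHS, packets_per_path, DigestLoggingRouter)
    route, _ = run(PATHS, packets_per_path, RouteLoggingRouter)
    return ({n: r.storage() for n, r in digest.items()},
            {n: r.storage() for n, r in route.items()})


if __name__ == "__main__":
    print(storage_totals(100))
    routers, delivered = run(PATHS, 5, RouteLoggingRouter)
    print(traceback(routers, "R3", delivered[0].mark))
```

With 100 packets per path, the digest-logging routers hold 100, 200 and 200 entries, while the route-logging routers hold 1, 2 and 2, matching the abstracts' point that route-information storage is bounded by the number of paths rather than the number of packets. The `OverflowError` marks the limit a 16-bit field imposes: a router can distinguish at most 65535 upstream (mark, interface) combinations before its mark space is exhausted.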

