Firewall Wizards mailing list archives
Re: An ethernet frame with two IP packets inside?
From: "Steven M. Bellovin" <smb () research att com>
Date: Thu, 29 Oct 1998 07:33:14 -0500
In message <3631168B.540E30D3 () wiesbaden netsurf de>, Keller writes:
Hi gurus and beardy wizards, what happens if one ethernet frame contains two IP packets? I know, it *shouldn't* happen, but I could construct one, right? How will different tcpip stacks deal with the second IP packet? Could it slip through the filtering rules on some routers? Could it slip past static pattern matching firewalls (FW-1?) ?
I don't know of any published (or implemented) way to do that that would be received by another host. The standard IP-in-Ethernet encapsulation uses the Ethernet type field to denote IP, with the IP packet as the payload of the packet. There are no length fields, etc., at the Ethernet level. See RFC 894 for details, and note that trailer protocols are essentially unused today.
Current thread:
- Re: An ethernet frame with two IP packets inside? Ryan Russell (Oct 29)
- <Possible follow-ups>
- Re: An ethernet frame with two IP packets inside? Steven M. Bellovin (Oct 29)
- Re: An ethernet frame with two IP packets inside? Robert Graham (Oct 29)