Snort mailing list archives
Re: DF and MF
From: Andreas Östling <andreaso () it su se>
Date: Sun, 6 Apr 2003 09:15:54 +0200 (CEST)
On Sat, 5 Apr 2003, Jeff Nathan wrote:
Linux PMTU discovery will set DF on a packet with MF already set. It's anomalous but the Linux folks tend to disagree.
... Some (all?) Solaris boxes like to set MF + DF as well. Here is a fragmented ping to a Solaris box: 04/06-08:38:03.624114 10.0.0.1 -> 192.168.0.1 ICMP TTL:255 TOS:0x0 ID:9889 IpLen:20 DgmLen:1500 MF Frag Offset: 0x0000 Frag Size: 0x05C8 04/06-08:38:03.624117 10.0.0.1 -> 192.168.0.1 ICMP TTL:255 TOS:0x0 ID:9889 IpLen:20 DgmLen:548 Frag Offset: 0x00B9 Frag Size: 0x0157 04/06-08:38:03.625745 192.168.0.1 -> 10.0.0.1 ICMP TTL:254 TOS:0x0 ID:18581 IpLen:20 DgmLen:1500 DF MF Frag Offset: 0x0000 Frag Size: 0x05C8 04/06-08:38:03.625792 192.168.0.1 -> 10.0.0.1 ICMP TTL:254 TOS:0x0 ID:18581 IpLen:20 DgmLen:548 DF Frag Offset: 0x00B9 Frag Size: 0x0157 /Andreas ------------------------------------------------------- This SF.net email is sponsored by: ValueWeb: Dedicated Hosting for just $79/mo with 500 GB of bandwidth! No other company gives more support or power for your dedicated server http://click.atdmt.com/AFF/go/sdnxxaff00300020aff/direct/01/ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- DF and MF Clayton Mascarenhas (Apr 01)
- Re: DF and MF Jeff Nathan (Apr 05)
- Re: DF and MF Andreas Östling (Apr 07)
- Re: DF and MF Jeff Nathan (Apr 05)