Hi,
I have a question which seems 'weird' but may not be so..
From NodeF, NodeE and NodeG are on the same network, i.e. 192.168.2.0.
I ping from NodeF to NodeE:
[root@NodeF ~]$ ping -s3000 192.168.2.3
PING 192.168.2.3 (192.168.2.3) from 192.168.2.4 : 3000(3028) bytes of data.
Warning: time of day goes back, taking countermeasures.
3008 bytes from 192.168.2.3: icmp_seq=0 ttl=255 time=1.239 msec
--- 192.168.2.3 ping statistics ---
1 packets transmitted, 1 packets received, 0% packet loss
round-trip min/avg/max/mdev = 1.239/1.239/1.239/0.000 ms
[root@NodeF ~]$
If you notice, the packet size is 3000+, which I chose in order to see some
fragments on the network.
Node G is passively watching the traffic and, weirdly, it sees the fragments
in the reverse order ...
tcpdump: listening on fxp1
17:55:41.765745 192.168.2.4 > 192.168.2.3: (frag 2715:48@2960) (ttl 64)
4500 0044 0a9b 4172 4001 a954 c0a8 0204
c0a8 0203 8889 8a8b 8c8d 8e8f 9091 9293
9495 9697 9899 9a9b 9c9d 9e9f a0a1 a2a3
a4a5 a6a7 a8a9 aaab acad aeaf b0b1 b2b3
b4b5 b6b7
17:55:41.766003 192.168.2.4 > 192.168.2.3: (frag 2715:1480@1480+) (ttl 64)
4500 05dc 0a9b 60b9 4001 8475 c0a8 0204
c0a8 0203 c0c1 c2c3 c4c5 c6c7 c8c9 cacb
cccd cecf d0d1 d2d3 d4d5 d6d7 d8d9 dadb
dcdd dedf e0e1 e2e3 e4e5 e6e7 e8e9 eaeb
eced eeef f0f1 f2f3 f4f5 f6f7 f8f9 fafb
fcfd
17:55:41.766126 192.168.2.4 > 192.168.2.3: icmp: echo request (frag 2715:1480@0+) (ttl 64)
4500 05dc 0a9b 6000 4001 852e c0a8 0204
c0a8 0203 0800 e0b2 5862 0000 7d22 b63c
74ad 0b00 0809 0a0b 0c0d 0e0f 1011 1213
1415 1617 1819 1a1b 1c1d 1e1f 2021 2223
2425 2627 2829 2a2b 2c2d 2e2f 3031 3233
3435
I tried a packet size of 8000+; there too the order was reversed!
Any ideas / pointers to this behaviour ?
cheers
ashley
-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html
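
Added example, not part of the original post: IP reassembly identifies a datagram by source, destination, protocol and ID and places each fragment by its offset field, so the order in which fragments appear on the wire does not change the result. The Python below decodes the three IPv4 headers copied from the capture above and checks that they form one complete datagram; the function names are illustrative.

```python
import struct

# IPv4 header (first 20 bytes) of each fragment, copied from the tcpdump
# hex output in the post, in the order Node G captured them.
CAPTURED = [
    "4500 0044 0a9b 4172 4001 a954 c0a8 0204 c0a8 0203",
    "4500 05dc 0a9b 60b9 4001 8475 c0a8 0204 c0a8 0203",
    "4500 05dc 0a9b 6000 4001 852e c0a8 0204 c0a8 0203",
]

def parse_fragment(hexdump):
    """Decode the IPv4 header fields that matter for reassembly."""
    raw = bytes.fromhex(hexdump.replace(" ", ""))
    ver_ihl, _tos, total_len, ident, frag, _ttl, proto, _csum, src, dst = \
        struct.unpack("!BBHHHBBH4s4s", raw[:20])
    header_len = (ver_ihl & 0x0F) * 4
    return {
        "key": (src, dst, proto, ident),   # identifies the datagram
        "id": ident,
        "offset": (frag & 0x1FFF) * 8,     # field counts 8-byte units
        "more": bool(frag & 0x2000),       # MF (more fragments) flag
        "length": total_len - header_len,  # payload bytes carried
    }

def reassembly_plan(fragments):
    """Order fragments by offset and return (ordered, payload_size).

    Raises ValueError if the set is not one complete datagram.
    """
    if len({f["key"] for f in fragments}) != 1:
        raise ValueError("fragments belong to different datagrams")
    ordered = sorted(fragments, key=lambda f: f["offset"])
    expected = 0
    for f in ordered:
        if f["offset"] != expected:
            raise ValueError(f"hole or overlap at byte {expected}")
        expected += f["length"]
    if ordered[-1]["more"] or not all(f["more"] for f in ordered[:-1]):
        raise ValueError("MF flags inconsistent with fragment positions")
    return ordered, expected

if __name__ == "__main__":
    frags = [parse_fragment(h) for h in CAPTURED]
    ordered, size = reassembly_plan(frags)
    for f in ordered:
        print(f"frag {f['id']}:{f['length']}@{f['offset']}{'+' if f['more'] else ''}")
    print("reassembled payload:", size, "bytes")
```

The reassembled size of 3008 bytes matches the "3008 bytes from 192.168.2.3" line in the ping output (8-byte ICMP header plus 3000 bytes of data).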