On Thu, Apr 11, 2002 at 07:59:34PM -0400, Ashley Thomas wrote:
> Node G is passively watching the traffic and weirdly it sees tha fragments
> in the reverse order ...
If the fragments are transmitted by node F in reverse order, there's
nothing weird about node G seeing them in reverse order.
I think I remember a claim, at one point, that at least some versions of
the Linux IPv4 stack transmit fragments in reverse order. I don't know
whether that's true, nor do I know whether node F is running Linux.
(Node G presumably isn't, as tcpdump is listening on fxp1 rather than on
eth1 or whatever.)
This message:
http://www.uwsg.iu.edu/hypermail/linux/kernel/9812.0/0729.html
appears to claim that, at least at one point in time, Linux *did* send
them in reverse order. Perhaps it still does.
What happens if you listen on node F while it's pinging?
At least according to what
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=37485
says, the "Warning: time of day goes back, taking countermeasures." is
just reporting on the time stamp on the echo reply being "greater than"
the time stamp on the echo (perhaps he meant "less than"), so it doesn't
necessarily imply that the "countermeasures" involve sending fragments
out in reverse order. ("ping" might just use raw IP sockets to send
ICMP packets, in which case it might just leave the fragmentation up to
the IPv4 stack.)
-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html
To unsubscribe use mailto:[EMAIL PROTECTED]?body=unsubscribe
