every 2nd echo-request malformed when ping -s >4067
Harald Schmalzbauer
h.schmalzbauer at omnilan.de
Wed Oct 24 17:00:57 UTC 2012
schrieb Jeremy Chadwick am 24.10.2012 18:51 (localtime):
> ...
> # tcpdump -p -i em0 -l -n -s 0 -xx "icmp and dst host 4.2.2.1"
> tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
> listening on em0, link-type EN10MB (Ethernet), capture size 65535 bytes
> 09:45:22.725137 IP 192.168.1.51 > 4.2.2.1: ICMP echo request, id 6417, seq 0, length 64
> 0x0000: e0cb 4ec0 00c4 0030 48d2 22d0
Have you ever seen "e0:cb:4e:c0:00:c4" and "00:30:48:d2:22:d0" ?
These are your mac addresses, which -xx shows.
...
> And compare this to what you're seeing (look closely at the 2nd line):
>
> 16:03:08.963292 IP 10.5.49.126 > 10.5.49.65: ICMP echo request, id 30477, seq 0, length 4076
> 16:03:09.968454 IP 10.5.49.126 > 10.5.49.65: icmp
Of course, I saw that. That's why I claim the 2nd outgoing request to be
malformed ;-)
> ...
>
> This is why I said I want to see output from -xx and not -x. What I
> want to see is the *full packet contents* (IP header, ICMP header, and
> any ICMP payload).
-x gives everything above link-layer, so IP and ICMP are in my last dump.
Thanks,
-Harry
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 196 bytes
Desc: OpenPGP digital signature
URL: <http://lists.freebsd.org/pipermail/freebsd-stable/attachments/20121024/7df91d0b/attachment.sig>
More information about the freebsd-stable
mailing list