[plug] What is "truncated-ip" in tcpdump log?
Mike Holland
myk at golden.wattle.id.au
Tue Oct 26 14:17:12 WST 1999
Hopefully one of the network guys can point me in the right direction:
I was getting slow access to Comsec, so did a tcpdump, which showed
lots of exclamation marks after "truncated-ip" messages, suggesting
something is wrong. But no explanation in the man page.
Does the Linux kernel think these are bad packets? The internet seems
to have accepted and carried them. Could something in-between be
fragmenting the packets in a way that linux doesnt understand?
Sometimes the server is repeatedly sending the same 'bad' packet, while
linux keeps sending the same (n)acks.
13:55:27.480125 truncated-ip - 860 bytes missing!203.102.130.162.www >
202.148.95.134.61410: . 9963:11423(1460) ack 1792 win 8760 (DF)
13:55:27.667869 202.148.95.134.61410 > 203.102.130.162.www: . ack 11423
win 8760 (DF)
13:55:27.750105 truncated-ip - 860 bytes missing!203.102.130.162.www >
202.148.95.134.61410: . 11423:12883(1460) ack 1792 win 8760 (DF)
13:55:27.868138 202.148.95.134.61410 > 203.102.130.162.www: . ack 12883
win 8760 (DF)
Mike Holland <mike at golden.wattle.id.au> Perth, Australia.
--==--
The early bird may get the worm, but the second mouse gets the cheese.
More information about the plug
mailing list