[plug] Need help deciphering tcpdump
James Devenish
devenish at guild.uwa.edu.au
Fri Oct 17 17:00:32 WST 2003
In message <20031017082938.GD10160 at erdos.home>
on Fri, Oct 17, 2003 at 04:29:38PM +0800, Cameron Patrick wrote:
> 15:54:27.906400 134.243.85.3.z3950 > 130.95.39.9.1040: . 773:2153(1380) ack 597 win 64860 (DF)
Are you really really sure you didn't just bump the 'z' key on your
keyboard while the tcpdump output was being displayed? :-) If you are,
then it looks like a (scary?) bug. But, I don't know what version of
tcpdump you're using.
> 15:54:27.906573 130.95.39.9 > 134.243.85.3: icmp: 130.95.39.9 unreachable - need to frag (mtu 1400) [tos 0xc0]
Your host has received this message from a remote router. It occurs for
the reason Craig said (i.e. mtu is 1400 rather than what your host sent
PLUS the packet has the dont'-fragment bit set). If the DF bit were not
set, the remote router should fragments the packets as necessary (for
various values of "should"?).
_______________________________________________
plug mailing list
plug at plug.linux.org.au
http://mail.plug.linux.org.au/cgi-bin/mailman/listinfo/plug
More information about the plug
mailing list