in reply to Re^2: Getting packets over 1500 Bytes pcap.
in thread Getting packets over 1500 Bytes pcap.

I guess we are both right - depending on which IP option is implemented:

From http://en.wikipedia.org/wiki/IP_fragmentation

In a case where a router receives a protocol data unit (PDU) larger than the next hop's MTU, it has two options if the transport is IPv4: drop the PDU and send an Internet Control Message Protocol (ICMP) message which indicates the condition Packet too Big, or fragment the IP packet and send it over the link with a smaller MTU.

        What is the sound of Perl? Is it not the sound of a wall that people have stopped banging their heads against?
              -Larry Wall, 1992

Re^4: Getting packets over 1500 Bytes pcap.
by no_slogan (Deacon) on May 26, 2014 at 13:41 UTC

    Firewalls don't care about internet standards. I get an immediate response to a 1400 byte ping:

    06:26:15.154205 IP 10.0.0.13 > perlmonks.pair.com: ICMP echo request, id 46849, seq 0, length 1408
    06:26:15.232493 IP perlmonks.pair.com > 10.0.0.13: ICMP echo reply, id 46849, seq 0, length 1408

    And no response to a fragmented 1500 byte ping:

    06:26:32.986529 IP 10.0.0.13 > perlmonks.pair.com: ICMP echo request, id 47105, seq 0, length 1480
    06:26:32.986540 IP 10.0.0.13 > perlmonks.pair.com: icmp

    BTW, I get a "time exceeded" message if I set the TTL to 16, but nothing if I set it to 17. It looks like Pair.com's border firewall is eating ICMPs.

    06:34:53.777278 IP 10.0.0.13 > perlmonks.pair.com: ICMP echo request, id 59649, seq 0, length 1480
    06:34:53.777287 IP 10.0.0.13 > perlmonks.pair.com: icmp
    06:34:53.862597 IP continental.car1.pittsburgh3.level3.net > 10.0.0.13: ICMP time exceeded in-transit, length 36

    (And yes, I know ping doesn't use UDP.)
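
An added example, not part of the thread: it reproduces the lengths in the captures above (1408 for the 1400-byte ping; 1480 plus a trailing fragment for the 1500-byte ping) and classifies each packet from the IPv4 flags/fragment-offset field, which is what a capture filter or firewall sees. Assumptions: MTU 1500, a 20-byte IPv4 header without options, and a constructed IP ID and destination address.

```python
import struct

IP_HDR = 20  # assumption: IPv4 header without options

def fragment(payload_len, mtu=1500):
    """Split an IP payload as an IPv4 sender or router does for a given MTU.
    Returns [(offset_in_8_byte_units, fragment_payload_len, more_fragments)]."""
    per_frag = (mtu - IP_HDR) // 8 * 8  # all but the last fragment are multiples of 8
    frags, off = [], 0
    while off < payload_len:
        size = min(per_frag, payload_len - off)
        frags.append((off // 8, size, off + size < payload_len))
        off += size
    return frags

def build_header(ident, offset_units, payload_len, mf, proto=1):
    """Minimal IPv4 header (checksum left at 0) carrying the fragment fields."""
    flags_frag = (0x2000 if mf else 0) | offset_units  # MF bit + 13-bit offset
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, IP_HDR + payload_len, ident,
                       flags_frag, 64, proto, 0,
                       bytes([10, 0, 0, 13]),    # source seen in the capture
                       bytes([192, 0, 2, 1]))    # constructed destination

def classify(header):
    """Return 'whole', 'first', 'middle' or 'last' from bytes 6-7 of the header."""
    flags_frag = struct.unpack("!H", header[6:8])[0]
    mf, offset = bool(flags_frag & 0x2000), flags_frag & 0x1FFF
    if offset == 0:
        return "first" if mf else "whole"
    return "middle" if mf else "last"

def describe(icmp_data_len, mtu=1500):
    """ICMP echo = 8-byte ICMP header + data.
    Returns [(kind, ip_payload_len, byte_offset)] for each packet on the wire."""
    out = []
    for off, size, mf in fragment(icmp_data_len + 8, mtu):
        hdr = build_header(0x1234, off, size, mf)  # 0x1234: constructed IP ID
        out.append((classify(hdr), size, off * 8))
    return out

if __name__ == "__main__":
    for n in (1400, 1500):
        print(n, describe(n))
```

Only the first fragment contains the ICMP header, which is why tcpdump can decode "echo request" there and prints just `icmp` for the second packet.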