Jeremy Chadwick wrote on 24.10.2012 17:40 (localtime):
> (Please keep me CC'd as I'm not subscribed)
>
> Regarding:
>
> http://lists.freebsd.org/pipermail/freebsd-stable/2012-October/070239.html
>
> tcpdump -x is not helpful here. tcpdump -xx would be.
>
> tcpdump -x dumps the *payload* portion of the packet, while -xx dumps
> everything (all headers/protocol data included).
>
> The reason I say -xx would be helpful is because of this:
>
>> 2nd: 12:21:10.052891 IP 10.5.49.126 > 10.5.49.65: icmp
>> 0x0000: 4500 1000 0f2d 0040 4001 e4c7 0a05 317e
>
> The ICMP code/type and related header data is not being decoded
> correctly, or is being *encoded* incorrectly. I can't tell because all
> that's shown there is the payload!

Hmm, if I understand things right, there's only the link-level-header missing, meaning the ethernet addresses. Not the IP-header.
Verified that:

1st:
16:03:08.963292 IP 10.5.49.126 > 10.5.49.65: ICMP echo request, id 30477, seq 0, length 4076
000c 29f1 8424 90e2 ba18 f885 0800

2nd:
16:03:09.968454 IP 10.5.49.126 > 10.5.49.65: icmp
000c 29f1 8424 90e2 ba18 f885 0800

Since the link-level-header is identical, the problem must be later and the former dump should be valid.

That's easily reproducible everywhere, since lo0 has mtu 16384, so just 'ping -D -s 4068 127.0.0.1'.

Thanks,

-Harry
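Added example (not part of the original mails): a small Python decoder for the header bytes quoted in this thread, showing that the row printed by `tcpdump -x` already begins with the IPv4 header and that `-xx` only puts the 14-byte Ethernet header in front of it. The function and variable names are hypothetical; the hex strings are copied from the dumps above.

```python
import struct

# Hex copied from the dumps quoted in this thread.
IP_X = "4500 1000 0f2d 0040 4001 e4c7 0a05 317e"  # first row printed by -x
ETH_XX = "000c 29f1 8424 90e2 ba18 f885 0800"     # extra bytes printed by -xx


def hex_bytes(dump):
    """Convert tcpdump's space-separated hex groups to bytes."""
    return bytes.fromhex(dump.replace(" ", ""))


def parse_ethernet(raw):
    """Decode a 14-byte Ethernet II header (what -xx adds in front)."""
    if len(raw) < 14:
        raise ValueError("Ethernet header needs 14 bytes")
    dst, src, ethertype = struct.unpack("!6s6sH", raw[:14])
    return {"dst": dst.hex(":"), "src": src.hex(":"), "ethertype": ethertype}


def parse_ipv4_prefix(raw):
    """Decode the first 16 bytes of an IPv4 header (through the source address)."""
    if len(raw) < 16:
        raise ValueError("need at least 16 bytes")
    vihl, tos, length, ident, frag, ttl, proto, cksum, src = struct.unpack(
        "!BBHHHBBH4s", raw[:16])
    if vihl >> 4 != 4:
        raise ValueError("not an IPv4 header")
    return {
        "version": vihl >> 4,
        "header_len": (vihl & 0x0F) * 4,
        "total_len": length,
        "id": ident,
        "df": bool(frag & 0x4000),           # Don't Fragment flag
        "mf": bool(frag & 0x2000),           # More Fragments flag
        "frag_offset": (frag & 0x1FFF) * 8,  # offset in bytes
        "ttl": ttl,
        "proto": proto,                      # 1 = ICMP
        "checksum": cksum,
        "src": ".".join(str(b) for b in src),
    }


if __name__ == "__main__":
    print(parse_ethernet(hex_bytes(ETH_XX)))
    print(parse_ipv4_prefix(hex_bytes(IP_X)))
```

For the quoted bytes, the flags/fragment field `0040` decodes to DF clear and a fragment offset of 512 bytes.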