From owner-freebsd-stable@FreeBSD.ORG Wed Oct 24 17:00:57 2012 Return-Path: Delivered-To: freebsd-stable@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 6F9F8709; Wed, 24 Oct 2012 17:00:57 +0000 (UTC) (envelope-from h.schmalzbauer@omnilan.de) Received: from host.omnilan.net (s1.omnilan.net [62.245.232.135]) by mx1.freebsd.org (Postfix) with ESMTP id D0B7B8FC14; Wed, 24 Oct 2012 17:00:56 +0000 (UTC) Received: from titan.inop.wdn.omnilan.net (titan.inop.wdn.omnilan.net [172.21.3.1]) (authenticated bits=0) by host.omnilan.net (8.13.8/8.13.8) with ESMTP id q9OH2I4A073293 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Wed, 24 Oct 2012 19:02:18 +0200 (CEST) (envelope-from h.schmalzbauer@omnilan.de) Message-ID: <50881EC7.9030400@omnilan.de> Date: Wed, 24 Oct 2012 19:00:55 +0200 From: Harald Schmalzbauer Organization: OmniLAN User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; de-DE; rv:1.9.2.8) Gecko/20100906 Lightning/1.0b2 Thunderbird/3.1.2 MIME-Version: 1.0 To: Jeremy Chadwick Subject: Re: every 2nd echo-request malformed when ping -s >4067 References: <20121024154017.GA3167@icarus.home.lan> <5088163E.2090506@omnilan.de> <20121024165148.GA4250@icarus.home.lan> In-Reply-To: <20121024165148.GA4250@icarus.home.lan> X-Enigmail-Version: 1.1.2 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="------------enig71CB79B20954948157274845" Cc: Adrian Chadd , FreeBSD Stable X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 24 Oct 2012 17:00:57 -0000 This is an OpenPGP/MIME signed message (RFC 2440 and 3156) --------------enig71CB79B20954948157274845 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable schrieb Jeremy Chadwick am 24.10.2012 18:51 (localtime): > ... > # tcpdump -p -i em0 -l -n -s 0 -xx "icmp and dst host 4.2.2.1" > tcpdump: verbose output suppressed, use -v or -vv for full protocol dec= ode > listening on em0, link-type EN10MB (Ethernet), capture size 65535 bytes= > 09:45:22.725137 IP 192.168.1.51 > 4.2.2.1: ICMP echo request, id 6417, = seq 0, length 64 > 0x0000: e0cb 4ec0 00c4 0030 48d2 22d0=20 Have you ever seen "e0:cb:4e:c0:00:c4" and "00:30:48:d2:22:d0" ? These are your mac addresses, which -xx shows. =2E.. > And compare this to what you're seeing (look closely at the 2nd line): > > 16:03:08.963292 IP 10.5.49.126 > 10.5.49.65: ICMP echo request, id 3047= 7, seq 0, length 4076 > 16:03:09.968454 IP 10.5.49.126 > 10.5.49.65: icmp Of course, I saw that. That's why I claim the 2nd outgoing request to be malformed ;-) > ... > > This is why I said I want to see output from -xx and not -x. What I > want to see is the *full packet contents* (IP header, ICMP header, and > any ICMP payload). =20 -x gives everything above link-layer, so IP and ICMP are in my last dump.= Thanks, -Harry --------------enig71CB79B20954948157274845 Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.18 (FreeBSD) iEYEARECAAYFAlCIHscACgkQLDqVQ9VXb8h8LACglPxcdcQgiwaiI8Em3enHKObH zAkAoIlkaatp6or05i8PlZN8x3lCHmlP =XtMY -----END PGP SIGNATURE----- --------------enig71CB79B20954948157274845--