[ale] still trying to figure it out
Ed Landa
elanda at xeme.com
Mon Aug 4 08:27:26 EDT 2003
> Whereas on the dump from the machine behind the dmz I see "Don't
> fragment: Set"
>
> Now I'm not sure how this might be hosing things. To be honest, I'd
> expect that if it was the other way around, it might be hosing things.
Somewhere between you and the destination machine is a link with a smaller MTU.
When the packet with a DF option is received, that router is dropping the
packet and should be sending back an ICMP "fragmentation needed" message. Add
ICMP to your tcpdump filter and see if that is in fact happening.
Ed
PGP signature
More information about the Ale
mailing list