[ale] still trying to figure it out
Geoffrey
esoteric at 3times25.net
Mon Aug 4 08:36:31 EDT 2003
Ed Landa wrote:
>> Whereas on the dump from the machine behind the dmz I see "Don't
>> fragment: Set"
>>
>> Now I'm not sure how this might be hosing things. To be honest,
>> I'd expect that if it was the other way around, it might be hosing
>> things.
>
>
> Somewhere between you and the destination machine is a link with a
> smaller MTU. When the packet with a DF option is received, that
> router is dropping the packet and should be sending back an ICMP
> "fragmentation needed" message. Add ICMP to your tcpdump filter and
> see if that is in fact happening.
Just a quick check shows that the firewall, choke and machine behind the
dmz all have an mtu of 1500. I'll look a bit further into the ICMP stuff..
Thanks.
>
> Ed
>
--
Until later: Geoffrey esoteric at 3times25.net
The latest, most widespread virus? Microsoft end user agreement.
Think about it...
_______________________________________________
Ale mailing list
Ale at ale.org
http://www.ale.org/mailman/listinfo/ale
More information about the Ale
mailing list