[e2e] ICMP & TCP segments with IP ID = 0?

Joe Touch touch at ISI.EDU
Wed May 16 09:19:26 PDT 2001


Jerome Etienne wrote:
> 
> On Wed, May 16, 2001 at 10:04:36AM -0400, Craig Partridge wrote:
> >
> > Hi folks:
> >
> > As a side discovery on a research project, we've tripped over a bunch of
> > packets in the wild where the IP ID is set to 0.  Some are ICMP packets
> > and some are TCP segments.
> 
> Linux did it at some point, I don't know if it is still valid.
> 
> > Before we set up a traffic filter to track down what brand of system is
> > generating these evil beasts, I'm writing to see if anyone has already
> > figured out what kind of system sends them.
> 
> What is so evil in setting the IPv4 ID to 0, assuming the DF bit is set?

Or that the ID isn't reused for a few RTTs.
RFC791 says there are 65536 valid values; 
it doesn't preclude 0 even for fragmented packets.
RFC1122 says that hosts MAY resend a packet with the
same ID (p32, also p91), which means it should not
be reused for a fair amount of time (more than 1 MSL, 
however, due to retransmission).

Joe
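
A sketch of the traffic filter discussed in this thread, as an added example that is not part of the original messages: it parses raw IPv4 headers and separates ID = 0 packets with DF set from ID = 0 packets that are fragments or could still be fragmented. The function names, category labels and sample headers are assumptions constructed for illustration.

```python
import struct
from collections import Counter

PROTO = {1: "ICMP", 6: "TCP", 17: "UDP"}

def classify(header: bytes) -> str:
    """Classify one IPv4 header by how its Identification field is used."""
    if len(header) < 20 or header[0] >> 4 != 4:
        return "not-ipv4"
    # Bytes 4-5: Identification; bytes 6-7: flags (3 bits) + fragment offset (13 bits).
    ident, flags_frag = struct.unpack_from("!HH", header, 4)
    df = bool(flags_frag & 0x4000)
    mf = bool(flags_frag & 0x2000)
    offset = flags_frag & 0x1FFF
    if ident != 0:
        return "nonzero-id"
    if mf or offset:
        return "zero-id-fragment"       # ID 0 is being used to reassemble fragments
    if df:
        return "zero-id-df"             # the DF-set case asked about in the thread
    return "zero-id-fragmentable"       # DF clear: a router may still fragment it

def tally(headers):
    """Count ID = 0 packets per (protocol, category)."""
    counts = Counter()
    for h in headers:
        kind = classify(h)
        if kind.startswith("zero-id"):
            counts[(PROTO.get(h[9], str(h[9])), kind)] += 1
    return counts

def build(ident, flags_frag, proto, ttl=64):
    """Constructed 20-byte sample header (checksum left 0, not verified here)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, ident, flags_frag, ttl,
                       proto, 0, bytes([192, 0, 2, 1]), bytes([198, 51, 100, 2]))

# Constructed sample traffic, not captured packets.
SAMPLES = [
    build(0, 0x4000, 6),        # TCP, DF set
    build(0, 0x4000, 1),        # ICMP, DF set
    build(0, 0x0000, 1),        # ICMP, DF clear
    build(0, 0x2000, 17),       # UDP, first fragment (MF set)
    build(0, 0x00B9, 17),       # UDP, later fragment (offset 185)
    build(0x1234, 0x4000, 6),   # TCP, ordinary non-zero ID
]

if __name__ == "__main__":
    for key, n in sorted(tally(SAMPLES).items()):
        print(key, n)
```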


