[e2e] ICMP & TCP segments with IP ID = 0?

Joe Touch touch at ISI.EDU
Wed May 16 09:19:26 PDT 2001

Jerome Etienne wrote:
> On Wed, May 16, 2001 at 10:04:36AM -0400, Craig Partridge wrote:
> >
> > Hi folks:
> >
> > As a side discovery on a research project, we've tripped over a bunch of
> > packets in the wild where the IP ID is set to 0.  Some are ICMP packets
> > and some are TCP segments.
> linux did it at some point, i dont know if it is still valid.
> > Before we set up a traffic filter to track down what brand of system is
> > generating these evil beasts, I'm writing to see if anyone has already
> > figured out what kind of system sends them.
> what is so evil in setting the IPv4 id to 0, assuming the DF bit is set ?

Or that the ID isn't reused for a few RTTs.
RFC791 says there are 65536 valid values; 
it doesn't preclude 0 even for fragmented packets.
RFC1122 says that hosts MAY resend a packet with the
same ID (p32, also p91), which means it should not
be reused for a fair amount of time (more than 1 MSL, 
however, due to retransmission)


More information about the end2end-interest mailing list