[Dshield] Is this normal?

Stephane Grobety security at admin.fulgan.com
Sun Jun 23 07:36:15 GMT 2002


JU> ICMP Time Exceeded is a fragmentation error.

Ah... no, it's not... It's a TTL exceeded.

Fragmentation errors happen only in one case: a packet is bigger than
the MTU (Maximum Transmission Unit) of one of the segments on the
route AND that packet has the "Do not Fragment" bit set: the
router cannot fragment the packet and will drop it and reply with this
ICMP message (it is the mechanism used to discover the Path MTU ==
size of the biggest packet that can run through a particular route
without being fragmented and thus optimize the connection).

Dropped packets are simply not acknowledged (in the case of TCP) and
thus re-emitted by the source. In the case of connectionless protocols
(UDP, ICMP, SKIP), the packets are just dropped and it's up to the
application to cope.

TTL has been properly described in another post.

Good luck,
Stephane
-- 
Best regards,
 Stephane                            mailto:security at admin.fulgan.com
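
The distinction discussed in this message, as an added example that is not part of the original post: a small classifier that separates ICMP Time Exceeded (type 11) from "fragmentation needed and DF set" (type 3, code 4) and reads the next-hop MTU and the quoted original IP header. The function names and the sample packets are constructed for illustration; the type and code values are those of RFC 792 and RFC 1191, and the ICMP checksum is not verified.

```python
import struct

TIME_EXCEEDED = 11      # RFC 792: code 0 = TTL exceeded in transit,
                        #          code 1 = fragment reassembly time exceeded
DEST_UNREACHABLE = 3    # RFC 792
FRAG_NEEDED = 4         # code 4 = fragmentation needed and DF set (RFC 1191)

def classify_icmp(msg: bytes) -> dict:
    """Classify a raw ICMP message that starts at the ICMP header."""
    if len(msg) < 8:
        raise ValueError("ICMP header is 8 bytes; message is truncated")
    icmp_type, code, _cksum, _unused, mtu = struct.unpack("!BBHHH", msg[:8])
    out = {"type": icmp_type, "code": code, "kind": "other", "mtu": None}
    if icmp_type == TIME_EXCEEDED:
        out["kind"] = {0: "ttl-exceeded",
                       1: "reassembly-time-exceeded"}.get(code, "other")
    elif icmp_type == DEST_UNREACHABLE and code == FRAG_NEEDED:
        out["kind"] = "frag-needed-df-set"
        out["mtu"] = mtu or None   # 0 means the router predates RFC 1191
    # The error quotes the IP header of the packet that triggered it.
    inner = msg[8:]
    if len(inner) >= 20 and inner[0] >> 4 == 4:
        flags_frag = struct.unpack("!H", inner[6:8])[0]
        out["orig_df"] = bool(flags_frag & 0x4000)   # Don't Fragment bit
        out["orig_ttl"] = inner[8]
        out["orig_dst"] = ".".join(str(b) for b in inner[16:20])
    return out

def build_sample(icmp_type: int, code: int, mtu: int, df: bool, ttl: int) -> bytes:
    """Constructed sample: ICMP error quoting a TCP packet between
    documentation addresses 192.0.2.1 -> 198.51.100.7 (checksums left 0)."""
    inner = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 1500, 0x1234,
                        0x4000 if df else 0, ttl, 6, 0,
                        bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]))
    return struct.pack("!BBHHH", icmp_type, code, 0, 0, mtu) + inner + b"\x00" * 8

if __name__ == "__main__":
    for name, pkt in [("time exceeded", build_sample(11, 0, 0, False, 1)),
                      ("frag needed", build_sample(3, 4, 1400, True, 64))]:
        print(name, classify_icmp(pkt))
```
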



