Re: arcane changling
- Subject: Re: arcane changling
- From: Josh Graessley <email@hidden>
- Date: Mon, 24 Jul 2006 14:38:19 -0700
The only thing that changes packets after tcpdump is the driver or
the hardware. The most common change is hardware checksums or vlan
tagging that happens in hardware.
-josh
On Jul 24, 2006, at 3:22 PM, email@hidden wrote:
I have an IP filter that alters packets. On output it reinjects them. I find that two bytes are changed when the packet arrives at the destination.
The packets are IP with ESP content. The changed bytes are 16 bytes offset into the ESP portion which is the beginning of the encrypted portion.
Using tcpdump I see that they are not changed at the interface (if that is where tcpdump makes its snapshot). We are fairly certain the destination is not making the change, and we can see no relationship between the before and after values.
What is there after tcpdump that could change an IP packet?
Thanks,
David
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Macnetworkprog mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden
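An added example, not part of the thread or of any Apple code, for the hardware-checksum cause named in the reply: it diffs the sender-side tcpdump copy of an IPv4 packet against the copy seen at the destination and reports whether the changed bytes sit at a checksum field. Bytes 16-17 of a TCP header hold the TCP checksum, the same payload offset reported in the question; that a checksum engine wrote there is an assumption to test, and the function names and sample packet are constructed for illustration.

```python
import struct

def inet_checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum (one's-complement sum of 16-bit words)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

# Offsets of checksum fields that hardware may fill in after the capture point.
IP_CSUM = 10                      # within the IPv4 header
L4_CSUM = {"tcp": 16, "udp": 6}   # within the IP payload

def explain_diff(sent: bytes, received: bytes) -> list[str]:
    """Compare one IPv4 packet as captured on the sender with the copy at the destination."""
    ihl = (sent[0] & 0x0F) * 4    # IPv4 header length in bytes
    proto = sent[9]               # IP protocol number (50 = ESP)
    diffs = {i for i, (a, b) in enumerate(zip(sent, received)) if a != b}
    findings = []
    if diffs & {IP_CSUM, IP_CSUM + 1}:
        ok = inet_checksum(received[:ihl]) == 0
        findings.append(f"IPv4 header checksum rewritten (valid on arrival: {ok})")
        diffs -= {IP_CSUM, IP_CSUM + 1}
    for name, off in L4_CSUM.items():
        field = {ihl + off, ihl + off + 1}
        if diffs and diffs <= field:
            findings.append(f"payload bytes {off}-{off + 1} rewritten: the {name.upper()} "
                            f"checksum position, in an IP protocol {proto} packet")
            diffs -= field
    if diffs:
        findings.append(f"unexplained changes at packet offsets {sorted(diffs)}")
    return findings

def build_esp_packet() -> bytes:
    """Constructed sample: IPv4 header (protocol 50), 8-byte ESP header, dummy ciphertext."""
    esp = struct.pack("!II", 0x1000, 1) + bytes(range(32))
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(esp), 0, 0, 64, 50, 0,
                      bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    return hdr[:10] + struct.pack("!H", inet_checksum(hdr)) + hdr[12:] + esp

if __name__ == "__main__":
    sent = build_esp_packet()
    received = bytearray(sent)
    received[20 + 16:20 + 18] = b"\xde\xad"   # constructed: two bytes altered in transit
    print(explain_diff(sent, bytes(received)))
```

If the rewrite stops when checksum offload is disabled on the sending interface, the hardware path is confirmed as the source of the change.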