Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
518
Views
0
Helpful
3
Replies

IP conversation thru routers?

RobinCruz
Level 1
Level 1

‎09-10-2009 05:50 PM - edited ‎03-04-2019 06:00 AM

For an IP conversation that is passed through 2 routers....

and packets are captured at the output of each router at the ports the IP conversation is routed to.....

would each side of the router packet capture carry the same packets or conversation packets with the exception being that the source and destination IP address would be different?

What else would look different between the two packet captures?

Thanks for any tips!

Labels:
0 Helpful
3 Replies 3

Jon Marshall
Hall of Fame
Hall of Fame

‎09-11-2009 02:03 AM

Robin

H1 -> R1 -> R2 -> H2

H1/H2 are end hosts

R1/R2 = routers

You capture traffic as leaves R2 going to H2 and as it leaves R1 going to H1 - is this correct ?

If so what would be different. Well assuming there is no NAT in place and there is no QOS marking going on -

1) the src and destination mac-addresses in frame would be different ie. as it leaves R2 to H2

src mac R2 interface connected to H2

dst mac H2

as it leaves R1 to H1

src mac R1 interface connected to H1

dst mac H1

6) TTL in the packet would be different

2) Source and destination IP addresses would be flipped ie. they would be the same addresses (H1/H2) just flipped around

3) Ditto for the TCP/UDP ports. Note that some TCP apps do funny things with the ports but the vast majority would just be flipped.

4) Ping would have different code types eg. one way the code type would be "echo request", the return would be "echo reply"

5) TCP Flags and sequence numbers would change in the packets

6) Obviously checksums would be unique to each packet

Jon

0 Helpful

RobinCruz
Level 1
Level 1
In response to Jon Marshall

‎09-11-2009 08:25 AM

yes. thats exactly the scenario. Thank you so much for that insight.

0 Helpful

Giuseppe Larosa
Hall of Fame
Hall of Fame

‎09-11-2009 02:52 AM

Hello Robin,

if you mean an IP flow routed and going thorugh R1 and R2:

if NAT is not involved IP SA and IP DA are the sames.

TTL field is decremented according to number of hops between R1 and R2

As a result of this the IPv4 header checksum is different because it reflects the different TTL value.

if one device R1 or R2 or other device in the path performs NAT address translations IP SA and IP DA can be different and other changes to upper layer protocols headers are made as necessary.

Hope to help

Giuseppe

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card