cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
174
Views
5
Helpful
2
Replies
Beginner

IP Fragments Header

Hello all

 

Below statement found in cisco website, saying only non-fragment & initial Fragment packets contain Layer 4 header, 

and non-initial fragments do not contain.

https://www.cisco.com/c/en/us/support/docs/ip/generic-routing-encapsulation-gre/8014-acl-wp.html

""Non-initial fragments are traditionally allowed through the ACL because they can be blocked based on Layer 3 information in the packets; however, because these packets do not contain Layer 4 information, they do not match the Layer 4 information in the ACL entry, if it exists.""

 

But as per my lab test, only non-fragment and the final fragment contains Layer 4 header, not an initial one!.

I have attached packet capture below, can anyone explain, please?IP Frag.JPG

 

Thanks 

Siva

Everyone's tags (2)
2 REPLIES 2
Highlighted
Hall of Fame Expert

Re: IP Fragments Header

Hello Siva,

you are using a small server / service called ECHO on TCP port 7.

 

see the following thread from learning network for additional info

 

https://learningnetwork.cisco.com/thread/120555

 

In fact, the last packet is recognized as ECHO in the packet capture.

 

The ECHO service is described here in the following RFC

 

https://tools.ietf.org/html/rfc862

 

>>

TCP Based Echo Service

   One echo service is defined as a connection based application on TCP.
   A server listens for TCP connections on TCP port 7.  Once a
   connection is established any data received is sent back.  This
   continues until the calling user terminates the connection.

 

My guess is that what you see is application specific, because this ECHO service sends back the received traffic in reverse order with the objective to provide a way to measure RTT = Round Trip Time. = two ways delay.

see

https://en.wikipedia.org/wiki/Echo_Protocol

 

This protocol on the UDP port 7 is actually used for Wake on LAN.

 

So I would suggest you to setup an FTP server for example and to repeat your tests with a conventional application like FTP.

The results of the new tests should show that the layer4 information is contained in the first fragment and not in the last one as I have always seen in my packet captures.

In other words you have found an exception to the general rule, given the peculiar nature of the ECHO service.

 

>> I hope your switching exam has been successful.

 

Hope to help

Giuseppe

 

Beginner

Re: IP Fragments Header

Hi @Giuseppe Larosa 

 

Thank you for the reply,

Let me do the test with other protocol as you said.

 

I'm glad you remember me!

With your helping hands I successfully completed my switch exam.

 

Regards 

Siva

 

 

CreatePlease to create content
Content for Community-Ad
July's Community Spotlight Awards