Wireshark-users: Re: [Wireshark-users] packet id 0 ???
From: Guy Harris <guy@xxxxxxxxxxxx>
Date: Fri, 11 Apr 2008 12:31:29 -0700
Fabiana Moreno wrote:

I have the following capture made by tcpdump, and it looks weird to me as the packet IDs are always 0. Has this happened to anyone? What does this mean?

1207912741.803450 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 85) 192.168.123.100.6970 > 192.168.123.103.6970: UDP, length 57

RFC 791 (the IPv4 specification) says of the identification field:

An identifying value assigned by the sender to aid in assembling the fragments of a datagram.

Those packets have the "don't fragment" flag set, so they aren't going to be fragmented and no reassembly of the fragments will need to be done; as such, the identification field isn't necessary.

Is the machine sending the packets a small embedded device? If so, it might have a small embedded protocol stack that doesn't bother supporting fragmentation and reassembly, and just sets the "don't fragment" flag in outgoing packets and doesn't bother setting the identification field.

It might also be a non-small device that's trying to boot, so that it's running a small firmware protocol stack before it loads the OS.
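
The header fields discussed in this reply, decoded in an added example that is not part of the original message: it parses a raw IPv4 header and reports whether the identification value is needed for reassembly. The sample bytes are constructed to match the tcpdump line quoted above, and the function names are hypothetical.

```python
import struct
import ipaddress

def checksum(data: bytes) -> int:
    """RFC 791 header checksum: one's-complement sum of 16-bit words."""
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def parse_ipv4(header: bytes) -> dict:
    """Decode the fixed 20-byte IPv4 header fields relevant to fragmentation."""
    if len(header) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, tos, length, ident, flags_off, ttl, proto, csum, src, dst = \
        struct.unpack("!BBHHHBBH4s4s", header[:20])
    if ver_ihl >> 4 != 4:
        raise ValueError("not IPv4")
    return {
        "id": ident,
        "df": bool(flags_off & 0x4000),   # don't fragment
        "mf": bool(flags_off & 0x2000),   # more fragments
        "offset": flags_off & 0x1FFF,     # fragment offset, 8-byte units
        "ttl": ttl, "proto": proto, "length": length,
        "src": str(ipaddress.IPv4Address(src)),
        "dst": str(ipaddress.IPv4Address(dst)),
    }

def id_assessment(pkt: dict) -> str:
    """Say whether the identification value matters for this packet."""
    if pkt["mf"] or pkt["offset"]:
        return "fragment: id is needed for reassembly"
    if pkt["df"]:
        return "unfragmented with DF: id is not needed"
    return "unfragmented without DF: may be fragmented in transit, id matters"

def build_sample(ident: int, flags_off: int) -> bytes:
    """Constructed header matching the tcpdump line above; checksum computed here."""
    fields = [0x45, 0, 85, ident, flags_off, 64, 17, 0,
              ipaddress.IPv4Address("192.168.123.100").packed,
              ipaddress.IPv4Address("192.168.123.103").packed]
    fields[7] = checksum(struct.pack("!BBHHHBBH4s4s", *fields))
    return struct.pack("!BBHHHBBH4s4s", *fields)

if __name__ == "__main__":
    for flags in (0x4000, 0x0000, 0x2000):  # DF set, no flags, MF set
        pkt = parse_ipv4(build_sample(0, flags))
        print(pkt["src"], "->", pkt["dst"], "id", pkt["id"], "|", id_assessment(pkt))
```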