Always Networks Blog - Fragmentation

CCIE Written Blueprint: 1.1.d Explain IP operations

1.1.d (i) ICMP unreachable, redirect

ICMP Unreachable

Generated by a host or gateway to indicate that the packet was discarded as the destination is unreachable. It will not be generated for multicast traffic. It is sub-divided into 15 types as follows:

Code Value Message Subtype Description
0 Network Unreachable The datagram could not be delivered to the network specified in the network ID …
Read whole post...

MTU / Fragmentation / ACL Tests….Part 2

Now that ICMP traffic is fragmenting across the network, it's time to change and start using TCP traffic.

This is a follow on from MTU / Fragmentation / ACL Tests….Part 1 and I am aiming to find out what happens to fragmented packets when matched to static extended access lists.

I'm going to use a program called Ostinato for this. It's a freeware tool for generating …

Read whole post...

MTU / Fragmentation / ACL Tests....Part 1

There was a throwaway line in a book I was reading (the CCNA: Security Official Certification Guide), that said that a disadvantage of ACL's is:

Does not filter fragmented packets with the same accuracy as non fragmented packets.

I have no idea why this is true, and after a post on techexams.net, I decided to just set up a lab and have a go …

Read whole post...