OS X Monterey / IP ID 0x0000

I'm analyzing a pcap capturing everything that an OS X box (running some recent flavor of Monterey) is producing ... and I notice that this stack mostly sets IP ID to 0x0000. Sometimes, it starts incrementing by 1, e.g. 0x0000, 0x0001, 0x0002, 0x0003 ... but it generally doesn't get far before it returns to 0x0000. At the moment, I'm filtering on tcp.port==443.

I haven't seen this behavior -- I'm used to seeing the IP ID number increasing steadily, then wrapping at 0xFFFF and starting over.

Would anyone care to speculate as to why an OS might not want to bother setting IP ID? Thinking about this, I suppose a non-zero IP ID is not essential to the success of a conversation ... it is only needed for IP fragmentation, and the Do not Fragment bit is set in these frames ... but it seems odd to me.

--sk

Stuart Kendrick
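
To check whether the zero IP IDs in a capture line up with the Do not Fragment bit, as the question supposes, the IPv4 headers can be tallied as below. This is an added example, not part of the original post; the function names and the sample headers (built with documentation addresses 192.0.2.10 and 198.51.100.20) are constructed for illustration.

```python
import struct
from collections import Counter

def ipv4_header(ident, df=True, mf=False, frag_off=0, proto=6):
    """Build a constructed 20-byte IPv4 header (checksum left at 0) for the demo."""
    flags_frag = (0x4000 if df else 0) | (0x2000 if mf else 0) | (frag_off & 0x1FFF)
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, ident, flags_frag, 64, proto, 0,
                       bytes([192, 0, 2, 10]), bytes([198, 51, 100, 20]))

def parse_ip_id(header):
    """Return (ip_id, df, mf, frag_offset) from a raw IPv4 header."""
    if len(header) < 20 or header[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    ident, flags_frag = struct.unpack("!HH", header[4:8])
    return ident, bool(flags_frag & 0x4000), bool(flags_frag & 0x2000), flags_frag & 0x1FFF

def classify(headers):
    """Tally how one sender used the IP ID field across its packets, in capture order."""
    stats = Counter()
    prev = None
    for h in headers:
        ident, df, mf, off = parse_ip_id(h)
        # DF set, MF clear, offset 0: the packet is not a fragment and may not
        # be fragmented in transit, so the ID is never consulted for reassembly.
        unfragmentable = df and not mf and off == 0
        if ident == 0:
            stats["zero_id_df" if unfragmentable else "zero_id_fragmentable"] += 1
        elif prev is not None and ident == (prev + 1) & 0xFFFF:
            stats["incremented"] += 1
        else:
            stats["other"] += 1
        prev = ident
    return dict(stats)

# Constructed sequence mimicking the pattern described in the question.
SAMPLE = [ipv4_header(i) for i in (0, 0, 0, 1, 2, 3, 0, 0)]

if __name__ == "__main__":
    print(classify(SAMPLE))
```

A non-zero `zero_id_fragmentable` count is the case worth a closer look, since those packets could be fragmented while carrying an ID of zero.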
