IP conversation thru routers?

Unanswered Question
Sep 10th, 2009

For an IP conversation that is passed through 2 routers....

and packets are captured at the output of each router at the ports the IP conversation is routed to.....

would each side of the router packet capture carry the same packets or conversation packets with the exception being that the source and destination IP address would be different?

What else would look different between the two packet captures?

Thanks for any tips!

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Jon Marshall Fri, 09/11/2009 - 02:03

Robin

H1 -> R1 -> R2 -> H2

H1/H2 are end hosts

R1/R2 = routers

You capture traffic as leaves R2 going to H2 and as it leaves R1 going to H1 - is this correct ?

If so what would be different. Well assuming there is no NAT in place and there is no QOS marking going on -

1) the src and destination mac-addresses in frame would be different ie. as it leaves R2 to H2

src mac R2 interface connected to H2

dst mac H2

as it leaves R1 to H1

src mac R1 interface connected to H1

dst mac H1

6) TTL in the packet would be different

2) Source and destination IP addresses would be flipped ie. they would be the same addresses (H1/H2) just flipped around

3) Ditto for the TCP/UDP ports. Note that some TCP apps do funny things with the ports but the vast majority would just be flipped.

4) Ping would have different code types eg. one way the code type would be "echo request", the return would be "echo reply"

5) TCP Flags and sequence numbers would change in the packets

6) Obviously checksums would be unique to each packet

Jon

RobinCruz Fri, 09/11/2009 - 08:25

yes. thats exactly the scenario. Thank you so much for that insight.

Giuseppe Larosa Fri, 09/11/2009 - 02:52

Hello Robin,

if you mean an IP flow routed and going thorugh R1 and R2:

if NAT is not involved IP SA and IP DA are the sames.

TTL field is decremented according to number of hops between R1 and R2

As a result of this the IPv4 header checksum is different because it reflects the different TTL value.

if one device R1 or R2 or other device in the path performs NAT address translations IP SA and IP DA can be different and other changes to upper layer protocols headers are made as necessary.

Hope to help

Giuseppe

Actions

This Discussion