I have changed the IP address for security reasons. But looking at the packet, I know the packet is not a valid IGMP v2 membership query packet, because the group address is 240.0.3.146 (valid multicast group range is 220.127.116.11 - 18.104.22.168) and the multicast Ethernet address is not correct (a valid multicast Ethernet address starts with 01-00-5E).
Also, the IP ID is set to zero, which is unusual to me. My understanding of the IP ID is that it is in the range 1-65535. But someone also told me that Linux machines might send packets with an IP ID of zero. In order for me to come to a conclusion as to whether this packet has been crafted or is a misconfiguration, I need to know: when an IGMP v2 membership query is initiated by Cisco routers, does it have an IP ID of zero?
No... IP ID is the number assigned to all IP sessions. For example, if one IP session includes 6 packets, all six packets should have the same IP ID. This way the host at the other end can reassemble the packets.
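The checks described in the question (group address, destination Ethernet address, IP ID) can be run over a captured frame. The following is an added example, not part of the original thread: it assumes the IPv4 multicast range 224.0.0.0/4 and the standard mapping of the low 23 bits of the group onto 01-00-5E, the function names are hypothetical, and the frames are constructed. `ip_id_zero` is reported as an observation only.

```python
import ipaddress
import struct

MULTICAST_NET = ipaddress.ip_network("224.0.0.0/4")  # IPv4 multicast (class D)
MAC_PREFIX = bytes.fromhex("01005e")                 # IPv4 multicast MAC prefix

def expected_mac(dst_ip: ipaddress.IPv4Address) -> bytes:
    """Map an IPv4 multicast address to its Ethernet address (low 23 bits)."""
    return MAC_PREFIX + (int(dst_ip) & 0x7FFFFF).to_bytes(3, "big")

def check_igmp_query(frame: bytes) -> list:
    """Return anomaly tags for an Ethernet II frame carrying an IGMPv2 query."""
    if len(frame) < 34:
        return ["truncated"]
    findings = []
    dst_mac, ethertype = frame[0:6], struct.unpack("!H", frame[12:14])[0]
    if ethertype != 0x0800:
        return ["not_ipv4"]
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    ip_id, proto = struct.unpack("!H", ip[4:6])[0], ip[9]
    dst_ip = ipaddress.IPv4Address(ip[16:20])
    if proto != 2:
        return ["not_igmp"]
    igmp = ip[ihl:ihl + 8]
    if len(igmp) < 8 or igmp[0] != 0x11:
        return ["not_membership_query"]
    group = ipaddress.IPv4Address(igmp[4:8])
    # Group 0.0.0.0 is a general query; anything else must be a multicast group.
    if int(group) != 0 and group not in MULTICAST_NET:
        findings.append("group_not_multicast")
    if dst_mac[:3] != MAC_PREFIX or (dst_mac[3] & 0x80):
        findings.append("dst_mac_not_ipv4_multicast")
    elif dst_ip in MULTICAST_NET and dst_mac != expected_mac(dst_ip):
        findings.append("dst_mac_ip_mismatch")
    if ip_id == 0:  # an observation to correlate with the other findings
        findings.append("ip_id_zero")
    return findings

def build_frame(dst_mac: str, dst_ip: str, group: str, ip_id: int) -> bytes:
    """Build a constructed sample frame (checksums left at zero, not checked here)."""
    eth = bytes.fromhex(dst_mac.replace("-", "")) + bytes(6) + b"\x08\x00"
    iph = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, ip_id, 0, 1, 2, 0,
                      ipaddress.IPv4Address("192.0.2.1").packed,
                      ipaddress.IPv4Address(dst_ip).packed)
    igmp = struct.pack("!BBH4s", 0x11, 100, 0, ipaddress.IPv4Address(group).packed)
    return eth + iph + igmp
```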