Archive for the ‘Debug’ Category
# fw ctl debug -x (On both cluster members)
When debugging MTU-related issues (with IPsec, for instance), it is necessary to see whether ICMP type 3 code 4 messages are being generated.
ICMP type 3 is destination unreachable, and code 4 means fragmentation is needed but the DF flag is set; in our case it tells you whether fragmentation is necessary on the path. For your information, these ICMP errors are generated only when the DF (don't fragment) flag is set.
Here are the tcpdump and fw monitor filters I use:
fw monitor -e 'accept [9:1]=1 and [20:1,b]=3 and [21:1,b]=4;'
or
tcpdump -n -i eth0 'ip[9:1] = 1' and 'ip[20:1] = 3' and 'ip[21:1] = 4'
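Both filters read the ICMP type and code at fixed offsets 20 and 21, which is only correct when the IP header carries no options. The sketch below is an added example, not part of the original post: it applies the same test to raw IPv4 bytes using the real header length, then reads the next-hop MTU (RFC 1191) and the DF bit of the quoted original packet. The function names and sample packets are constructed for illustration.

```python
import socket
import struct

def ipv4(src, dst, proto, payload, options=b"", df=False):
    """Build a constructed IPv4 packet (checksum left 0; it is not parsed here)."""
    ihl = 5 + len(options) // 4
    return struct.pack("!BBHHHBBH4s4s", 0x40 | ihl, 0, ihl * 4 + len(payload), 0,
                       0x4000 if df else 0, 64, proto, 0,
                       socket.inet_aton(src), socket.inet_aton(dst)) + options + payload

def parse_frag_needed(pkt):
    """Return details of an ICMP type 3 code 4 message, or None for anything else."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4 or pkt[9] != 1:   # byte 9: protocol, 1 = ICMP
        return None
    ihl = (pkt[0] & 0x0F) * 4            # real header length; 20 only without IP options
    if ihl < 20 or len(pkt) < ihl + 8:
        return None
    if (pkt[ihl], pkt[ihl + 1]) != (3, 4):
        return None
    info = {"reporter": socket.inet_ntoa(pkt[12:16]),
            "next_hop_mtu": struct.unpack("!H", pkt[ihl + 6:ihl + 8])[0],  # RFC 1191
            "fixed_offset_match": (pkt[20], pkt[21]) == (3, 4)}  # what [20:1]/[21:1] test
    inner = pkt[ihl + 8:]                # quoted header of the packet that was too big
    if len(inner) >= 20:
        total_len, _, flags = struct.unpack("!HHH", inner[2:8])
        info.update(orig_src=socket.inet_ntoa(inner[12:16]),
                    orig_dst=socket.inet_ntoa(inner[16:20]),
                    orig_len=total_len, df_set=bool(flags & 0x4000))
    return info

# Constructed samples (documentation addresses): a 1500-byte ESP packet with DF set
# is rejected by a router whose next hop only carries 1400 bytes.
ORIGINAL = ipv4("192.0.2.10", "198.51.100.20", 50, b"\x00" * 1480, df=True)
ICMP_BODY = struct.pack("!BBHHH", 3, 4, 0, 0, 1400) + ORIGINAL[:28]
PLAIN = ipv4("203.0.113.1", "192.0.2.10", 1, ICMP_BODY)
WITH_OPTIONS = ipv4("203.0.113.1", "192.0.2.10", 1, ICMP_BODY, options=b"\x01" * 4)
ECHO = ipv4("192.0.2.10", "198.51.100.20", 1, struct.pack("!BBHHH", 8, 0, 0, 0, 1))

if __name__ == "__main__":
    for name, pkt in (("plain", PLAIN), ("with options", WITH_OPTIONS), ("echo", ECHO)):
        print(name, parse_frag_needed(pkt))
```

The `fixed_offset_match` field shows whether a filter keyed on offsets 20 and 21 would have caught the same packet; it is false for the sample carrying IP options even though the message is a valid type 3 code 4.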