On Mon, 2003-07-07 at 08:37, Kohei OHTA wrote:
> I found a strange packet, which is generated by ping of Linux.
> It is observed ID field of IP header in ping packet (Echo request) is always
> I confirmed this on kernel 2.4.18 and 2.4.21.
> My colleague also confirmed this is fixed in kernel 2.5.74.
> I hope this is fixed in next next 2.4.x release.
I guess this behaviour is to prevent Idle scanning, that is based on
predictable IPID numbers . Therefore, the Linux TCP/IP stack uses 0
as IPID when the DF (Don't Fragment) bit is set. I'm not sure, but I
think that Linux also uses peer-specific IPID numbers to make the