Types of packet modifications allowed for networks

Darden, Patrick S. darden at armc.org
Mon Jun 2 12:21:20 UTC 2008

I'm not aware of any hard rules regarding this.  I'll include yours below:

--packet fragmentation due to inconsistent MTUs and/or bandwidth (e.g. moving from ATM at 150Mbps to a fractional DS3 at 3.088Mbps)
--ttl changes from hop to hop
--dest ip changes from hop to hop
--PAT/NAT changes in last network borders (e.g. routing traffic to appropriate endpoints (servers) or starting points (workstations))
--PAT/NAT changes in "last" host (e.g. it hits ext ip port 4443, gets changed to newip:443 and forwarded on)
--firewall changes in buffer/mother network (e.g. protective network or DMZ)--these could be almost anything, most frequent would be morons who completely block ICMP--you should probably count anti-spam and anti-virus (layer 4 but affects layer 3 dramatically) but these are usually advertised features subscribed to by the customers (as opposed to secret "features" that only come out due to customer outrage)
--header checksum changes after contents changes (e.g. dip at a router)

Meh, not sure I was helpful.

More information about the NANOG mailing list