Types of packet modifications allowed for networks

Darryl Ross spam at afoyi.com
Mon Jun 2 12:54:48 UTC 2008

Darden, Patrick S. wrote:
> --packet fragmentation due to inconsistent MTUs and/or bandwidth (e.g. moving from ATM at 150Mbps to a fractional DS3 at 3.088Mbps)

MTUs yes, bandwidth no. Bandwidth congestion at the boundary to a slower 
network will cause buffering and dropped packets, not a fragment. Trying 
to fit a jumbo frame packet into a standard MTU network _will_ (if the 
DF bit is not set).

> --ttl changes from hop to hop

Decrements, yes.

> --dest ip changes from hop to hop

Say what? The L2 address might change at each hop (eg, MAC address of 
the next gateway in ethernet type networks) but the L3 destination 
address, which is the "destination IP", certainly doesn't. If it did how 
would the packet ever get to where it was sent?

> --PAT/NAT changes in last network borders (e.g. routing traffic to appropriate endpoints (servers) or starting points (workstations))

NAT/PAT can occur at any point in the network, but is most common at the 

> --PAT/NAT changes in "last" host (e.g. it hits ext ip port 4443, gets changed to newip:443 and forwarded on)


> --firewall changes in buffer/mother network (e.g. protective network or DMZ)--these could be almost anything, most frequent would be morons who completely block ICMP--you should probably count anti-spam and anti-virus (layer 4 but affects layer 3 dramatically) but these are usually advertised features subscribed to by the customers (as opposed to secret "features" that only come out due to customer outrage)

This is rather common, especially things like resetting the QOS bits, 
clearing the DF flag, etc.

> --header checksum changes after contents changes (e.g. dip at a router)

TTL being decremented is enough.



Darryl Ross, VK5FUNE
Director, AFOYI, "Information Technology Solutions"
p +61 8 7127 1831
f +61 8 8425 9607
e darryl at afoyi.com

More information about the NANOG mailing list