Service provider story about tracking down TCP RSTs
tarko at lanparty.ee
Sun Sep 2 14:43:21 UTC 2018
> But why did the TLS Hello has a TTL lower that the TCP Syn ?
> Do you have any information on that ?
Consumer CPEs are typically some BCM reference design where initial TCP
handshake is handled by linux kernel and everything following (including
NAT) is handled in SOC.
I've seen those systems not decrement TTL at all, decrement TTL before
checking if packet is destined to itself etc. This case is weird as
typically the hardware part is faulty, not the kernel.
More information about the NANOG