Service provider story about tracking down TCP RSTs

Tarko Tikan tarko at lanparty.ee
Sun Sep 2 14:43:21 UTC 2018


hey,

> But why did the TLS Hello has a TTL lower that the TCP Syn ?
> 
> Do you have any information on that ?

Consumer CPEs are typically some BCM reference design where initial TCP 
handshake is handled by linux kernel and everything following (including 
NAT) is handled in SOC.

I've seen those systems not decrement TTL at all, decrement TTL before 
checking if packet is destined to itself etc. This case is weird as 
typically the hardware part is faulty, not the kernel.

-- 
tarko


More information about the NANOG mailing list