Service provider story about tracking down TCP RSTs

Tarko Tikan tarko at
Sun Sep 2 14:43:21 UTC 2018


> But why did the TLS Hello have a TTL lower than the TCP SYN?
> Do you have any information on that?

Consumer CPEs are typically some BCM reference design where the initial TCP
handshake is handled by the Linux kernel and everything following (including
NAT) is handled in the SoC.

I've seen those systems not decrement TTL at all, decrement TTL before
checking if the packet is destined to itself, etc. This case is weird, as
typically the hardware part is faulty, not the kernel.
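
Added example, not part of the original post: a capture-side check for the symptom discussed in this thread, where segments after the handshake arrive with a different TTL than the SYN of the same flow. The function names, addresses and sample packets are constructed for illustration.

```python
import struct
from collections import defaultdict

SYN = 0x02

def parse_ipv4_tcp(pkt: bytes):
    """Return (flow_key, ttl, tcp_flags) for an IPv4/TCP packet, else None."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return None
    ihl = (pkt[0] & 0x0F) * 4
    if pkt[9] != 6 or len(pkt) < ihl + 14:      # not TCP, or truncated
        return None
    sport, dport = struct.unpack_from("!HH", pkt, ihl)
    return (pkt[12:16], sport, pkt[16:20], dport), pkt[8], pkt[ihl + 13]

def ttl_mismatches(packets):
    """Map each one-directional flow to (syn_ttl, other TTLs seen later).

    Only flows whose later segments carry a TTL different from the SYN's
    are returned; packets are assumed to come from one observation point.
    """
    syn_ttl, later = {}, defaultdict(set)
    for pkt in packets:
        parsed = parse_ipv4_tcp(pkt)
        if parsed is None:
            continue
        key, ttl, flags = parsed
        if flags & SYN:
            syn_ttl[key] = ttl
        elif key in syn_ttl:
            later[key].add(ttl)
    return {k: (syn_ttl[k], sorted(v - {syn_ttl[k]}))
            for k, v in later.items() if v - {syn_ttl[k]}}

def make_pkt(src, dst, sport, dport, ttl, flags):
    """Constructed sample: 20-byte IPv4 header plus 20-byte TCP header."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, ttl, 6, 0,
                     bytes(src), bytes(dst))
    return ip + struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4,
                            flags, 0, 0, 0)

# Constructed capture: client A's data segment has a lower TTL than its SYN
# (kernel path vs. offload path); client B is consistent.
A, B, S = (192, 0, 2, 10), (192, 0, 2, 11), (198, 51, 100, 5)
SAMPLE = [
    make_pkt(A, S, 40000, 443, 63, 0x02),   # SYN
    make_pkt(A, S, 40000, 443, 63, 0x10),   # ACK
    make_pkt(A, S, 40000, 443, 62, 0x18),   # PSH/ACK carrying the TLS hello
    make_pkt(B, S, 40001, 443, 63, 0x02),   # SYN
    make_pkt(B, S, 40001, 443, 63, 0x18),   # PSH/ACK, same TTL as SYN
]
```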


More information about the NANOG mailing list