I had an interesting issue yesterday where I had to prove that a firewall was injecting TCP RST packets to drop active connections. The details of the firewall problem aren’t relevant, but in order to tie several packet traces together and prove beyond doubt that the mysterious RST packets were being injected and not coming from the end host I had to turn to a little-remembered field in the IP packet header — the identification field.
Herding Packets
Days in the life of a professional packet shepherd.
Monthly Archives: June 2013
Cisco Live Tips
By counting the number of crazy, jingling, battery-powered hats in the corner of my office, I have scientifically deduced that this year will be the 6th time I’ve attended Cisco Live (starting way back when it was officially still Cisco Networkers). Over the years, I’ve picked up a few tips on what to do, and what not to do, to make the trip valuable, educational, and enjoyable. In no particular order, here they are:
Herding Packets 