21 Oct
2021
21 Oct
'21
4:29 p.m.
On Oct 21, 2021, at 5:40 AM, Tomas Prybil <tomas at
prybil.se> wrote:
Here is a small tcpdump with the ping from A34RTR (34.1023) and FORGER (34.101) for
anyone to dig into.
Full pcap file added as attachment.
10:29:02.072710 34.1023 > 34.101 100 link-service 35839>34917 seg 0 dat seg count
0
10:29:02.082747 34.101 > 34.1023 28 disconn-confirm 34917>35839 no link terminate
...
Specifically, those are link service message (flow control action) asking for "no
change", basically the sort of message an end system would send as a keepalive. But
by being addressed to an invalid link address they produce an immediate reaction from the
destination. They also have "request return to sender" set, so if a router on
the path notices the destination is unreachable it will return it to the sending node.
One thing that's interesting is that the routing layer packet headers ("long data
packet format") don't conform to the specification. That format has a bunch of
reserved fields in it, which originally were put in as part of a longer range plan for new
routing layer capabilities. Those never actually happened, instead DECnet switched to
OSI. So in Phase IV those fields are marked "reserved" which means "send
zero, ignore on receipt". The trace shows that the sending node (A34RTR) is sending
random garbage in those bytes. That won't break things but it's sloppy.
paul