24 October 2014


RFC 894 vs RFC 1042

2.2 Ethernet and IEEE 802 Encapsulation of TCP/IP Illustrated, Vol. 1: The Protocols (Addison-Wesley Professional Computing Series) 1st Edition says:

RFC 894 encapsulation is most commonly used.

And Ethernet_frame says:

Ethernet II frame, or Ethernet Version 2,[g] or DIX frame is the most common type in use today, as it is often used directly by the Internet Protocol.

Ethernet II frame means a RFC 894 frame. Ethernet_frame also says:

There exists an Internet standard for encapsulating IPv4 traffic in IEEE 802.2 LLC SAP/SNAP frames.[13] It is almost never implemented on Ethernet, although it is used on FDDI, Token Ring, IEEE 802.11 [clarification needed] and other IEEE 802 LANs.

IEEE 802.2 LLC SAP/SNAP frames are RFC 1042 frame. So it seems that RFC 894 is more much widely used than RFC 1042.


TCP Flags: PSH and URG

Congestion Control

TCP backoff:

One TCP connnection has one RTO timer.


For the following back udp cksum error in the data captured by tcpdump, UDP / TCP Checksum errors from tcpdump & NIC Hardware Offloading has a good explanation.

13:50:36.947842 IP (tos 0x0, ttl 64, id 17989, offset 0, flags [DF], proto UDP (17), length 56) > [bad udp cksum 0xfe37 -> 0x7e2b!] UDP, length 28
	0x0000:  4500 0038 4645 4000 4011 f66d 7f00 0001  E..8FE@.@..m....
	0x0010:  7f00 0001 115d d407 0024 fe37 5375 6e20  .....]...$.7Sun.
	0x0020:  4a61 6e20 3034 2031 333a 3530 3a33 3620  Jan.04.13:50:36.
	0x0030:  4353 5420 3230 3135                      CST.2015


Output form ifconfig.

lo        Link encap:Local Loopback  
          inet addr:  Mask:
          inet6 addr: ::1/128 Scope:Host

wlan0     Link encap:Ethernet  HWaddr 7c:7a:91:bf:de:3e  
          inet addr:  Bcast:  Mask:
          inet6 addr: fe80::7e7a:91ff:febf:de3e/64 Scope:Link

Consider a server and a client which are running on the same machine. Moninoring with tcpdump draws the following conclusion. Whatever ip ( or the client use to connnect to the server, the lo interface is used.