Wireshark-dev: Re: [Wireshark-dev] [Wireshark-commits] rev 36193: /trunk/epan/dissectors/ /trun
From: Stephen Fisher <steve@xxxxxxxxxxxxxxxxxx>
Date: Mon, 14 Mar 2011 14:58:52 -0600
Chris,

Thanks for pointing that out - I had forgotten about that bug report.  
The case I'm looking at is where an ICMP echo request goes out with an 
ICMP header of 8 bytes + a payload of 32 bytes for a ping.  Then I 
receive an ICMP destination host unreachable containing the original IP 
header and ICMP header but *not* the 32 byte payload from the original 
ICMP echo request.  My understanding is that this lack of echo request's 
payload (per RFC #792 - "Internet Header + 64 bits of Original Data 
Datagram") causes the ICMP echo request to no longer be verifiable.  I 
have both the original and returned packets and the IP total length is 
60 bytes in both cases, unlike in the bug report you had made.