[Nottingham] Odd behaviour in KDE
Robert Davies
nottingham at mailman.lug.org.uk
Wed Aug 20 17:03:01 2003
On Wednesday 20 Aug 2003 14:28, Iain Lennon wrote:
> Aug 4 16:35:37 whitetower snort: [1:521:1] MISC Large UDP Packet
> [Classification: Potentially Bad Traffic] [Priority: 2]: {UDP}
> 192.168.1.2:800 -> 192.168.1.1:2049
>
> Just an example.
>
> MTUs on all machines were set at 1500 (obviously a default). Searching the
> mailing lists for wlan-ng a setting of 2346 was evidently the setting to
> use,

I've read that, according to the RFC, UDP packets with payload larger than 512
bytes do not have to be supported by hosts on the Internet, so that warning
might simply be about large UDP packets, generated by something like NFS.

Your symptoms are very similar to a problem I encountered when Solaris2 was
first getting deployed. It set the Do Not Fragment bits and some routers
didn't handle it properly, or the ICMP messages might have been filtered
away, so the host could never discover its packet size was larger than the
MTU at some point on the path.

So have you some heavy duty firewall filtering for security purposes that
might be throwing away ICMP messages, telling your host to reduce its
transmission size?

Rob
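
The path-MTU black hole described in the reply above, as an added simulation that is not part of the original message: a sender sets Do Not Fragment and either receives or never receives the ICMP "fragmentation needed" error. The names send_with_df and Result and the three-link path are assumptions made for illustration; only the MTU values 1500 and 2346 come from the thread, and no real packets are sent.

```python
# Constructed simulation of path MTU discovery with the DF bit set.
# Nothing here touches the network; the path and names are illustrative.
from dataclasses import dataclass


@dataclass
class Result:
    delivered: bool   # did a packet finally cross every link?
    final_size: int   # size the sender was using on its last attempt
    attempts: int     # transmissions made


def send_with_df(packet_size, link_mtus, icmp_filtered, max_attempts=5):
    """Send a DF-flagged packet across links with the given MTUs.

    A router whose outgoing link MTU is smaller than the packet drops it and
    returns ICMP type 3 code 4 (fragmentation needed) carrying that link's
    MTU. With icmp_filtered=True a firewall discards that error, so the
    sender keeps retransmitting at the same size and never gets through.
    """
    size = packet_size
    for attempt in range(1, max_attempts + 1):
        # First link on the path that cannot carry the packet unfragmented.
        blocking = next((mtu for mtu in link_mtus if mtu < size), None)
        if blocking is None:
            return Result(True, size, attempt)
        if not icmp_filtered:
            size = blocking  # sender learns the smaller MTU and shrinks
        # else: the ICMP error was filtered away; retry unchanged
    return Result(False, size, max_attempts)


if __name__ == "__main__":
    # Assumed path: wireless link at 2346, one Ethernet hop at 1500.
    path = [2346, 1500, 2346]
    for filtered in (False, True):
        for size in (512, 2346):
            r = send_with_df(size, path, filtered)
            print(f"icmp_filtered={filtered!s:5} size={size:4} -> "
                  f"delivered={r.delivered} final_size={r.final_size} "
                  f"attempts={r.attempts}")
```

Small packets pass in both cases while full-size ones vanish only when the ICMP error is filtered, which is why permitting ICMP type 3 code 4 through a firewall matters even when other ICMP is dropped.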