Hmmm... interesting case. I just tested it with a couple of different IP destinations and some systems include the whole IP datagram in the ICMP destination unreachable response and some systems only include the first 64 bits of the original IP datagram (as RFC 792 dictates).
So to answer your original question:
Which of the two following options is true?
- The server actually sends back the entire packet, not stopping after the 8th byte of the IPdata.
- WireShark does something under the hood which I am missing altogether?
Yes, "the server actually sends back the entire packet, not stopping after the 8th byte of the IPdata."
Why some systems do include the whole IP datagram instead of the first 64 bits is unknown to me.
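
The following is an added example, not part of the original answer: a Python check that reports how much of the offending datagram an ICMP destination unreachable message quotes, by comparing the bytes present after the embedded IPv4 header with the total length that header claims. The function names and the sample packets (built inline with zeroed checksums and documentation addresses) are constructed for illustration.

```python
import struct

def build_ipv4(payload, proto=17):
    """Constructed sample: 20-byte IPv4 header (checksum left 0) plus payload."""
    total = 20 + len(payload)
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, total, 0, 0, 64, proto, 0,
                       b"\xc0\x00\x02\x01", b"\xc0\x00\x02\x02") + payload

def build_unreachable(original, quote_len=None):
    """Constructed sample: ICMP type 3 / code 3 quoting all or part of `original`."""
    quote = original if quote_len is None else original[:quote_len]
    return struct.pack("!BBHI", 3, 3, 0, 0) + quote

def quoted_amount(icmp):
    """Classify how much of the original datagram an ICMP error carries."""
    if len(icmp) < 8 + 20:
        raise ValueError("too short for an ICMP header plus a quoted IPv4 header")
    if icmp[0] != 3:
        raise ValueError("not a destination unreachable message")
    quote = icmp[8:]                      # skip type, code, checksum, unused
    ihl = (quote[0] & 0x0F) * 4           # embedded header length in bytes
    if quote[0] >> 4 != 4 or ihl < 20 or len(quote) < ihl:
        raise ValueError("quote does not start with a valid IPv4 header")
    orig_total = struct.unpack("!H", quote[2:4])[0]
    if orig_total < ihl:
        raise ValueError("embedded total length is smaller than the header")
    orig_payload = orig_total - ihl       # what the sender originally carried
    quoted_payload = len(quote) - ihl     # what the error message returns
    if quoted_payload >= orig_payload:
        kind = "full datagram"
    elif quoted_payload == 8:
        kind = "header + 8 bytes (RFC 792)"
    else:
        kind = "partial"
    return {"code": icmp[1], "ihl": ihl, "orig_payload": orig_payload,
            "quoted_payload": quoted_payload, "kind": kind}

if __name__ == "__main__":
    original = build_ipv4(b"\x00" * 40)   # e.g. UDP header plus 32 data bytes
    for label, msg in [("whole quote", build_unreachable(original)),
                       ("truncated quote", build_unreachable(original, 28))]:
        print(label, quoted_amount(msg))
```
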