From event log of my Thomson 585 v7 8.2.6.5
Had a momentary power drop last evening without sync loss, and later went into router found IDS fragment parser : fragment out-of-order (1 of 1) : 81.138.88.153 87.113.24.62 1020 TCP 80->53500 [..A...] seq 1573005127 ack 253368446 win 65096 frag 42702:1000@0+
TBH I do not think the event is related due to its timing, but would like to know what its significance is. The only other entries last evening are routine as SNTP syncs to server.
So! Please feed my fragmentary knowledge.
Oh BTW, I know that IDS does not mean Ian Duncan-Smith
IDS usually means intrusion detection system. One of the best known IDS is called
snort.
As for the fragmentation warning error..
TCP uses what's called a sliding window protocol. A packet fragment arriving outside of that sliding time window is being flagged up by the IDS. It's normally nothing sinister. Just an issue with network congestion somewhere along the route. Some switch is overloading.
However, it is a poor show that the packet loss and delay is on port 80 (HTTP) traffic. Normally that type of network traffic is prioritised at the switches through different queue weights.
Port 80 traffic has a bursty flow nature, but it's generally low bandwidth. Although maybe not so much these days with all the multimedia guff (flash, mpegs, huge animated GIFs) that people reference from a web page.
Anyway, nothing to worry about, sfaik.
For the professional paranoid,
tripwire is a useful addition to
snort. It monitors all the system binaries and scripts for illicit modifications. It's a bit like a virus detector for
BillyGatesWare.
cheers, a