Looks like tunnel keepalives. Looking at the 6.22 docs, they are enabled by default now and run in 10 second intervals. Jesse - WC3XS Sent from my iPhone > On Nov 13, 2014, at 5:43 PM, Marc, LX1DUC <lx1duc(a)laru.lu> wrote: > > (Please trim inclusions from previous messages) > _______________________________________________ > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Dear YLs and OMs, > > beware of the latest Mikrotik RouterOS version 6.21 and 6.22. > > It generates strange IPIP packets adressed to the remote endpoint of > an IPIP tunnel. The IPIP packets itself contains an IP packet that is > addressed from the remote endpoint to the mikrotik router. > > Pseudo packet capture > > Frame: 1 > Time: 0 > Internet Protocol Version 4, Src: Mi.Kr.Ot.Ik (Mi.Kr.Ot.Ik), Dst: > Re.Mo.Te.IP (Re.Mo.Te.IP) > Internet Protocol Version 4, Src: Re.Mo.Te.IP (Re.Mo.Te.IP), Dst: > Mi.Kr.Ot.Ik (Mi.Kr.Ot.Ik) > > Frame: 2 > Time: 10 > Internet Protocol Version 4, Src: Mi.Kr.Ot.Ik (Mi.Kr.Ot.Ik), Dst: > Re.Mo.Te.IP (Re.Mo.Te.IP) > Internet Protocol Version 4, Src: Re.Mo.Te.IP (Re.Mo.Te.IP), Dst: > Mi.Kr.Ot.Ik (Mi.Kr.Ot.Ik) > > and so on, almost every 10 seconds. > > Once I downgraded to version 6.20 the strange packets seem to have > stopped appearing. > > If someone discovers the origin of this issue and knows of a way to > avoid the issue other than downgrading, please let me know. > > Thanks to PE1CH for notifying me after seeing the strange IPIP packets > on his system. > > 73 de Marc >