Wireshark mailing list archives

Re: TCP fragmentation and wireshark


From: Bill Meier <wmeier () newsguy com>
Date: Sat, 01 May 2010 10:27:21 -0400

Kevin Wilson wrote:
> Hello,
> I want to use wireshark sniffer for analyzing TCP fragmented traffic.
> I had written a small TCP client-server app, which creates large
> packets (over 20 K) and sends them.
> When I tried to sniff the traffic with wireshark, I saw single
> packets, and no sign of fragmentation
> (like ip frag_offset field, or ip more fragments field).
> (I know for sure that the PMTU between client and server is 1500.)
>
> Any ideas why? Or maybe my application is not good and I can use
> existing applications?


What you're seeing is as expected and is the way TCP/IP works.

In general, IP fragmentation is not desirable.

TCP when sending from a host uses a "Maximum Segment Size" (MSS) related 
to the MTU so that no IP fragmentation will be needed.

See MSS on http://en.wikipedia.org/wiki/Transmission_Control_Protocol 
(for example) for more details.

I haven't played around with this for a long time, but I do seem to 
remember that you *might* be able to force IP fragmentation by fiddling 
with MSS or MTU. Using a socket option? Configuring the TCP/IP stack?

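Added example, not part of the original message and not Wireshark code: a Python sketch contrasting what the reply describes (TCP cutting the data into MSS-sized segments, each in its own unfragmented IP packet) with what the question expected (one large datagram split by IP, with frag_offset and more-fragments set). The function names, the 20480-byte payload and the 20-byte option-free IP and TCP headers are assumptions; real stacks often carry TCP options, which shrinks the data per segment.

```python
IP_HDR = 20    # IPv4 header without options (assumption)
TCP_HDR = 20   # TCP header without options (assumption)


def tcp_segments(payload_len, mtu=1500):
    """Split application data the way a TCP sender does: every segment fits
    in one IP packet, so no fragment fields are ever set.
    Returns a list of (stream_offset, data_len, ip_total_len)."""
    mss = mtu - IP_HDR - TCP_HDR
    segs, off = [], 0
    while off < payload_len:
        n = min(mss, payload_len - off)
        segs.append((off, n, IP_HDR + TCP_HDR + n))
        off += n
    return segs


def ip_fragments(datagram_payload_len, mtu=1500):
    """Fragment ONE IP datagram's payload (transport header included).
    Returns a list of (frag_offset_field, more_fragments, ip_total_len);
    the offset field counts 8-byte units, as in the IPv4 header."""
    per_frag = (mtu - IP_HDR) // 8 * 8   # all but the last fragment carry a multiple of 8 bytes
    frags, off = [], 0
    while off < datagram_payload_len:
        n = min(per_frag, datagram_payload_len - off)
        more = off + n < datagram_payload_len
        frags.append((off // 8, more, IP_HDR + n))
        off += n
    return frags


if __name__ == "__main__":
    data = 20480   # constructed size standing in for the "over 20 K" write
    segs = tcp_segments(data)
    print(f"TCP: {len(segs)} packets, largest {max(s[2] for s in segs)} bytes, "
          "frag_offset=0 and MF=0 on all of them")
    # Hypothetical case: the same data plus one TCP header sent as a single datagram.
    for field, more, total in ip_fragments(data + TCP_HDR):
        print(f"IP fragment: frag_offset={field:4d} MF={int(more)} total_len={total}")
```
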
