Wireshark mailing list archives

Previous By Date Next
Previous By Thread Next

Re: TCP fragmentation and wireshark

From: Abhijit Bare <abhibare () gmail com>
Date: Sun, 2 May 2010 23:36:14 -0600
Extending this answer, Linux allows setting a different MTU on LAN ports.
You can try increasing the MTU. If TCP adjusts automatically to newly set
MTU, you can try setting up another Linux server as a router between your
client and server and having a smaller MTU on the LAN ports of the router.
That will probably force IP fragmentation.

- Abhijit

On Sat, May 1, 2010 at 8:27 AM, Bill Meier <wmeier () newsguy com> wrote:


Kevin Wilson wrote:

Hello,
I want to use wireshark sniffer for analyzing TCP fragmented traffic.
  I had written a small TCP client-server app, which creates large
packets (over 20 K) and sends them.
When I tried to sniff the traffic with wireshark, I saw single
packets, and no sign of fragmentation
(like ip frag_offset field, or ip more fragments field).
(I know for sure that the PMTU between client and server is 1500.)

Any ideas why ? or maybe my application is not good and I can use
existing applications?



What you're seeing is as expected and is the way TCP/IP works.

In general, IP fragmentation is not desirable.

TCP when sending from a host uses a "Maximum Segment Size" (MSS) related
to the MTU so that no IP fragmentation will be needed.

See MSS on http://en.wikipedia.org/wiki/Transmission_Control_Protocol
(for example) for more details.

I haven't played around with this for a long time, but I do seem to
remember that you *might* be able to force IP fragmentation by fiddling
with MSS or MTU. Using a socket option ? Configuring the TCP/IP stack ?
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
            mailto:wireshark-users-request () wireshark org
?subject=unsubscribe


___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe
Previous By Date Next
Previous By Thread Next

Current thread: