Wireshark mailing list archives
Re: Wireshark-users Digest, Vol 48, Issue 1
From: <Lecointe_Nicolas () emc com>
Date: Sat, 1 May 2010 17:47:47 -0400
Message: 5
Date: Sat, 1 May 2010 09:02:49 +0300
From: Kevin Wilson <wkevils () gmail com>
Subject: [Wireshark-users] TCP fragmentation and wireshark
To: wireshark-users () wireshark org
Message-ID: <v2l55c333c1004302302hab7a6b4amb3d3effbe9603f80 () mail gmail com>
Content-Type: text/plain; charset=ISO-8859-1
Hello,

I want to use the Wireshark sniffer for analyzing TCP fragmented traffic. I had written a small TCP client-server app, which creates large packets (over 20 K) and sends them. When I tried to sniff the traffic with Wireshark, I saw single packets, and no sign of fragmentation (like the ip frag_offset field, or the ip more fragments field). (I know for sure that the PMTU between client and server is 1500.)

Any ideas why? Or maybe my application is not good and I can use existing applications?

rgs,
Kevin
The fragmentation is done at the IP layer, not at the TCP layer. An IP host does not fragment TCP traffic because TCP uses sequence numbers. Only a router does it, when the IP packet received on one interface is too large to be sent on another interface (received from token-ring and routed on Ethernet, for example).

UDP traffic is very often fragmented because there is no sequence number. If you send 20 KB over UDP, only 1 UDP message is sent, but it is fragmented across multiple IP packets.

Hope this helps.

Nicolas
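The difference described in the reply, as an added example that is not part of the original post: it packs IPv4 headers for the fragments of one 20,000-byte UDP datagram, reads back the more-fragments flag and fragment offset that Wireshark would display, and contrasts that with TCP cutting the same payload into segments identified by sequence number. It assumes the 1500-byte MTU from the question and 20-byte IP/TCP headers without options; the function names, the IP identification value and the 192.0.2.x addresses are constructed for illustration.

```python
import struct

IP_HDR = 20   # IPv4 header without options (assumption)
UDP_HDR = 8
TCP_HDR = 20  # TCP header without options (assumption)
MF = 0x2000   # "more fragments" bit in the 16-bit flags/offset field

def fragment_udp(payload_len, mtu=1500):
    """Return (flags_and_offset_field, data_len) for each IP fragment of one UDP datagram."""
    total = UDP_HDR + payload_len        # IP payload = UDP header + data
    chunk = (mtu - IP_HDR) // 8 * 8      # non-final fragments carry a multiple of 8 bytes
    frags = []
    for start in range(0, total, chunk):
        size = min(chunk, total - start)
        more = MF if start + size < total else 0
        frags.append((more | (start // 8), size))  # offset is stored in 8-byte units
    return frags

def ipv4_header(ident, flags_off, data_len, proto=17):
    """Pack a minimal IPv4 header (checksum left at 0; addresses are constructed values)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, IP_HDR + data_len, ident,
                       flags_off, 64, proto, 0,
                       bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))

def parse_frag_fields(header):
    """Return (more_fragments, fragment_offset_in_bytes, data_len) from a packed header."""
    total_len, _ident, flags_off = struct.unpack("!HHH", header[2:8])
    return bool(flags_off & MF), (flags_off & 0x1FFF) * 8, total_len - IP_HDR

def udp_fragment_view(payload_len, mtu=1500):
    """Build every fragment header for one UDP datagram, then parse the fields back."""
    headers = [ipv4_header(0x1234, fo, n) for fo, n in fragment_udp(payload_len, mtu)]
    return [parse_frag_fields(h) for h in headers]

def tcp_segments(payload_len, mtu=1500):
    """Return (relative_seq, data_len) per TCP segment; each fits in one unfragmented IP packet."""
    mss = mtu - IP_HDR - TCP_HDR
    return [(seq, min(mss, payload_len - seq)) for seq in range(0, payload_len, mss)]

if __name__ == "__main__":
    for mf, off, n in udp_fragment_view(20000):
        print(f"UDP/IP fragment  MF={int(mf)}  offset={off:5d}  len={n}")
    for seq, n in tcp_segments(20000):
        print(f"TCP segment      seq={seq:5d}  len={n}")
```

Only the first UDP fragment carries the UDP header; the later ones are tied together solely by the shared IP identification and their offsets, whereas every TCP segment is a complete IP packet with its own TCP header.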