Kevin Wilson wrote:
Hello,
I want to use wireshark sniffer for analyzing TCP fragmented traffic.
I had written a small TCP client-server app, which creates large
packets (over 20 K) and sends them.
When I tried to sniff the traffic with wireshark, I saw single
packets, and no sign of fragmentation
(like ip frag_offset field, or ip more fragments field).
(I know for sure that the PMTU between client and server is 1500.)
Any ideas why ? or maybe my application is not good and I can use
existing applications?
What you're seeing is as expected and is the way TCP/IP works.
In general, IP fragmentation is not desirable.
TCP when sending from a host uses a "Maximum Segment Size" (MSS) related
to the MTU so that no IP fragmentation will be needed.
See MSS on http://en.wikipedia.org/wiki/Transmission_Control_Protocol
(for example) for more details.
I haven't played around with this for a long time, but I do seem to
remember that you *might* be able to force IP fragmentation by fiddling
with MSS or MTU. Using a socket option ? Configuring the TCP/IP stack ?
