Wireshark-users: Re: [Wireshark-users] TCP fragmentation and wireshark
From: Abhijit Bare <abhibare@xxxxxxxxx>
Date: Sun, 2 May 2010 23:36:14 -0600
Extending this answer, Linux allows setting a different MTU on LAN ports. You can try increasing the MTU. If TCP adjusts automatically to newly set MTU, you can try setting up another Linux server as a router between your client and server and having a smaller MTU on the LAN ports of the router. That will probably force IP fragmentation.

- Abhijit

On Sat, May 1, 2010 at 8:27 AM, Bill Meier <wmeier@xxxxxxxxxxx> wrote:
Kevin Wilson wrote:
> Hello,
> I want to use wireshark sniffer for analyzing TCP fragmented traffic.
>   I had written a small TCP client-server app, which creates large
> packets (over 20 K) and sends them.
> When I tried to sniff the traffic with wireshark, I saw single
> packets, and no sign of fragmentation
> (like ip frag_offset field, or ip more fragments field).
> (I know for sure that the PMTU between client and server is 1500.)
>
> Any ideas why ? or maybe my application is not good and I can use
> existing applications?
>

What you're seeing is as expected and is the way TCP/IP works.

In general, IP fragmentation is not desirable.

TCP when sending from a host uses a "Maximum Segment Size" (MSS) related
to the MTU so that no IP fragmentation will be needed.

See MSS on http://en.wikipedia.org/wiki/Transmission_Control_Protocol
(for example) for more details.

I haven't played around with this for a long time, but I do seem to
remember that you *might* be able to force IP fragmentation by fiddling
with MSS or MTU. Using a socket option ? Configuring the TCP/IP stack ?
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
            mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe