TCP/IP MTU and MSS

30 pts.
Tags:
TCP
TCP/IP
In my LAN, the MTU is 1500, and hosts A and B have an MSS of 1460. By testing and analysing with Fireshark I sent a 4000-byte long TCP segment from host A to host B in my LAN, but the segment came in full (the 4k bytes came in one piece). Shouldn't the 4k byte segments be broken into 1460-byte pieces according to the MSS? The IP Don't Fragment Flag was set, but how come a message of this length is being sent in one piece with this MTU and MSS?

Software/Hardware used:
FireShark

Answer Wiki


How are you writing the 4000-byte TCP segment? Are you using some packet generation software which can modify the TCP headers? What do the TCP header options show in the 3-way handshake? Also, is this capture on the SENDING or the RECEIVING system? It may be that you are seeing the packets before they hit the wire and are fragmented when reaching the destination. Try capturing on both sides and see if the results are similar.

I have seen large packets like this in a LAN environment between Windows hosts where a router is not crossed. You may also take a look at your switch port stats (if they are capable of being managed) and see how many packets go into the >1500 byte packet stats.

Discuss This Question: 3  Replies

  • Sixball
    Just a quick question: did you intentionally mention FIRESHARK, or were you alluding to WIRESHARK? They perform completely different functions. Also, please post some of the output of your analyzer so we can better assist you.
  • BUCHANKAS
    Hey, sorry about the delay, I have been very busy at work. And sorry, I meant WIRESHARK!! Don't know where I got this fire from... It would take some time to mount the setup again to print an output. Do you really think that would be necessary? Basically, the question is why host A is sending host B (and vice-versa) a TCP segment with over 4000 bytes within my LAN, since the LAN IP MTU size is 1500 bytes and TCP MSS is 1460. Shouldn't this segment be broken into 1460 or 1500 pieces? In Wireshark it shows just a single 4000-byte-long message received. Also, the jumbo packet feature in my Ethernet adapter is set to 1514 bytes. Thanks!
  • BUCHANKAS
    "It may be that you are seeing the packets before they hit the wire and are fragmented when reaching the destination. Try capturing on both sides and see if the results are similar." That was it! The capture was at the sending device, where I thought Wireshark would show them already divided into pieces, but it only shows the segments divided in the receiving device! Thanks a lot!! Also, if the MSS should be at 536, is it possible that a single IP packet could contain two TCP segments, or must each IP packet contain exactly one TCP segment? Thanks again.
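The sender-side versus receiver-side difference resolved in this thread, as an added example that is not part of the original posts: a Python check that reads the MSS option from the handshake and flags data segments larger than it, run over two constructed captures. It assumes the usual cause, segmentation offload on the sending NIC, so the capture point sits above the split; the frame builder, addresses and ports are made-up sample data, and direction is not tracked.

```python
import struct

def build_frame(flags, payload=b"", mss=None):
    """Constructed Ethernet/IPv4/TCP frame (sample data, checksums left at zero)."""
    opts = struct.pack("!BBH", 2, 4, mss) if mss else b""      # TCP option kind 2 = MSS
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 1, 0,
                      (5 + len(opts) // 4) << 4, flags, 65535, 0, 0) + opts
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp) + len(payload), 0,
                     0x4000, 64, 6, 0,                          # 0x4000 = Don't Fragment
                     bytes([192, 168, 1, 10]), bytes([192, 168, 1, 20]))
    return b"\x02" * 6 + b"\x04" * 6 + b"\x08\x00" + ip + tcp + payload

def parse(frame):
    """Return (is_syn, mss_option, tcp_payload_len, ip_total_len) for one frame."""
    ip = frame[14:]                                   # skip the Ethernet header
    ihl = (ip[0] & 0x0F) * 4
    total_len = struct.unpack("!H", ip[2:4])[0]
    tcp = ip[ihl:total_len]
    doff = (tcp[12] >> 4) * 4
    mss, opts, i = None, tcp[20:doff], 0
    while i < len(opts):                              # walk the TCP options
        kind = opts[i]
        if kind == 0:                                 # end of option list
            break
        if kind == 1:                                 # NOP padding
            i += 1
            continue
        if i + 1 >= len(opts) or opts[i + 1] < 2:     # malformed length, stop
            break
        if kind == 2 and opts[i + 1] == 4 and i + 4 <= len(opts):
            mss = struct.unpack("!H", opts[i + 2:i + 4])[0]
        i += opts[i + 1]
    return bool(tcp[13] & 0x02), mss, len(tcp) - doff, total_len

def oversize_segments(frames, mtu=1500):
    """List (index, payload_len, exceeds_mtu, expected_wire_segments) for data > MSS."""
    mss, findings = None, []
    for n, frame in enumerate(frames):
        syn, opt, plen, total = parse(frame)
        if syn and opt:                               # lowest MSS offered in the handshake
            mss = opt if mss is None else min(mss, opt)
        elif mss and plen > mss:
            findings.append((n, plen, total > mtu, -(-plen // mss)))
    return findings

# Constructed captures: SYN, SYN-ACK, then 4000 bytes of data as each side records it.
HANDSHAKE = [build_frame(0x02, mss=1460), build_frame(0x12, mss=1460)]
SENDER = HANDSHAKE + [build_frame(0x18, b"A" * 4000)]
RECEIVER = HANDSHAKE + [build_frame(0x18, b"A" * n) for n in (1460, 1460, 1080)]
```

A hit in the sender capture with none in the receiver capture points at the capture location rather than at oversized frames on the wire.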
