PMTU Discovery capture

asked 2023-01-20 20:50:43 +0000

AL gravatar image

updated 2023-01-21 08:21:10 +0000

Jaap gravatar image

I am trying to capture PMTU Disovery using ping on a Windows client as below

ping <ip addrerss> -f -l 1480

The above command will return "Packet needs to be fragmented but DF set" (as I expected). However in the Wireshark trace I can not see this packet, I would expect to see a destination host unreachable ICMP packet

When I do a ping without the fragemented packet, I can see the ICMP capture in Wireshark.

Am I correct in thinking a firewall/router etc is dropping the ICMP packet hence not in the trace file

1 Answer

answered 2023-01-21 08:34:07 +0000

Jaap gravatar image

The network stack is running into a MTU limitation right at the very first interface, the one you try to send out of. Therefore the packet doesn't even leave the interface and therefore cannot be captured.

Asked: 2023-01-20 20:50:43 +0000

Seen: 486 times

Last updated: Jan 21 '23