Ask Your Question
0

how could a packet size can be 2846 bytes ?

asked 2018-06-03 13:58:52 +0000

this post is marked as community wiki

This post is a wiki. Anyone with karma >750 is welcome to improve it.

Hi

just can not figure out how could a packet size can be 2846 bytes ? because mtu should be 1500

edit retag flag offensive close merge delete

Comments

was the packet captured from your computer and is the packet from your mac/ip address?

thetechfirm gravatar imagethetechfirm ( 2018-06-03 16:14:41 +0000 )edit

yes the packet is captured from my pc and mac address is alsow from my computer address

bianmingkai gravatar imagebianmingkai ( 2018-06-03 22:43:34 +0000 )edit

1 Answer

Sort by ยป oldest newest most voted
0

answered 2018-06-03 17:37:13 +0000

Christian_R gravatar image

If you capture on a host and segmentation offloading is enabled then the sending packets can be larger than the MTU. For receiving packets the parameter is called Receive Side Coalescing.

For a deeper dive please see here: https://blog.packet-foo.com/2014/05/t...

edit flag offensive delete link more

Comments

Hi There , As per the suggested post ,when Packets are going out then there will be segmentation offloading , but what if incoming packet size is also greater than 1518 e.g. https://drive.google.com/open?id=1OnB... Here is my wireshark capture where I have received packet(packet no. 441) from google server. The packet size here is 2762. Please also suggest how to calculate TCP checksum for such a large packet because normal method of calculating checksum with (pseudo header+tcp header +tcp data ) is giving me wrong answer here.Is there any additional condition for large packet while calculating checksum. Thanks in advance.....

rohan gravatar imagerohan ( 2018-06-03 19:53:34 +0000 )edit

but what if incoming packet size is also greater than 1518

To quote Christian_R:

For receiving packets the parameter is called Receive Side Coalescing.

Guy Harris gravatar imageGuy Harris ( 2018-06-03 20:02:02 +0000 )edit

Is there any additional condition for large packet while calculating checksum.

Yes. The additional condition is "you have to figure out what the original TCP segments were that the segmentation offloading, or receive-side coalescing, combined, and reconstruct them, complete with their IP headers and TCP headers, and calculate the TCP checksums of those packets".

This is probably impossible.

Guy Harris gravatar imageGuy Harris ( 2018-06-03 20:03:43 +0000 )edit

Hey Thanks ,Now I understand the 'Receive Side Coalescing' concept as well. I have one more query ,If I wanna send packet of size greater than 1518 bytes then will I be calculating checksum(sending packet via raw sockets) over entire packet and then let my NIC handle segmentation offloading and checksum recalculation for me ?Or my calculated checksum doesn't matter at all and NIC will ignore my checksum and do stuff by its own.

rohan gravatar imagerohan ( 2018-06-03 20:21:13 +0000 )edit

here is a nice doc about segmentation offloading https://docs.microsoft.com/en-us/wind...

Christian_R gravatar imageChristian_R ( 2018-06-03 21:04:33 +0000 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

2 followers

Stats

Asked: 2018-06-03 13:58:52 +0000

Seen: 1,246 times

Last updated: Jun 05 '18