Hi to all, I red in RFC 791 that: * "The internet fragmentation and reassembly procedure needs to be able to break a datagram into an almost arbitrary number of pieces that can be later reassembled. The receiver of the fragments uses the identification field to ensure that fragments of different datagrams are not mixed. The fragment offset field tells the receiver the position of a fragment in the original datagram. The fragment offset and length determine the portion of the original datagram covered by this fragment. The more-fragments flag indicates (by being reset) the last fragment. These fields provide sufficient information to reassemble datagrams."*
But, when I launch a traceroute with byte size of 3000, and so my packets been splitted, I notice a strange behavior in fragmentation flags; Every packet been fragmented in 3 parts:
1480 bytes,
1480 bytes,
and a small one of the remaining 40 bytes (only data, not considering headers etc.).
In this 3 fragments I have, respectively, this Fragmentation Flags:
Flags: 0x20, More fragments 0... .... = Reserved bit: Not set .0.. .... = Don't fragment: Not set ..1. .... = More fragments: Set Fragment Offset: 0
Flags: 0x20, More fragments 0... .... = Reserved bit: Not set .0.. .... = Don't fragment: Not set ..1. .... = More fragments: Set Fragment Offset: 1480
Flags: 0x01 0... .... = Reserved bit: Not set .0.. .... = Don't fragment: Not set ..0. .... = More fragments: Not set Fragment Offset: 2960
My question is: Why, in the last fragment, flag is 0x01 and not 0x00, like in the others, smaller packets that not being fragmented in the path? (Sorry for my bad english).
Thank you to all who can help me understand this