Ask Your Question

Revision history [back]

TCP packet length was much greater than MTU

Refering to this question in the old Wireshark forum:

The issue is: Wireshark shows TCP frame length being much greater than the maximum TCP frame length of 1500 bytes.

The explanation is: "Probably you captured on the host that transmitted the oversized packet, and TCP Large Segment Offload [TSO] is enabled"

Now I found a good tutorial on how to disable TOS on Linux and I want to share it with you:

sudo apt install ethtool
ethtool --show-offload  eth0  //shows, if tcp-segmentation-offload is enabled
sudo ethtool -K eth0 gso off
sudo ethtool -K eth0 tso off

I experienced the same just the other way around on the receiving client side, the reason for that was Large Receive Offload [LRO]. It can be disabled like this:

sudo ethtool -K eth0 tso off

Note that this step is only possible, when LRO isn't set as [FIXED]. You can check this with:

ethtool --show-offload  eth0
large-receive-offload: on [fixed]  //check in the output