First time here? Check out the FAQ!
THIS IS A TEST INSTANCE. Feel free to ask and answer questions, but take care to avoid triggering too many notifications.
Ask Your Question
0

how could a packet size can be 2846 bytes ?

  • retag add tags

Hi

just can not figure out how could a packet size can be 2846 bytes ? because mtu should be 1500

asked 2018-06-03 13:58:52 +0000
This post is a wiki. Anyone with karma >750 is welcome to improve it.
edit flag offensive 0 remove flag close merge delete

Comments

was the packet captured from your computer and is the packet from your mac/ip address?

thetechfirm's avatar thetechfirm (2018-06-03 16:14:41 +0000) edit
more
  • delete

yes the packet is captured from my pc and mac address is alsow from my computer address

bianmingkai's avatar bianmingkai (2018-06-03 22:43:34 +0000) edit
more
  • delete
add a comment see more comments

1 Answer

0

If you capture on a host and segmentation offloading is enabled then the sending packets can be larger than the MTU. For receiving packets the parameter is called Receive Side Coalescing.

For a deeper dive please see here: https://blog.packet-foo.com/2014/05/t...

Christian_R's avatar
2.1k
Christian_R
answered 2018-06-03 17:37:13 +0000
edit flag offensive 0 remove flag delete link
more

Comments

Hi There , As per the suggested post ,when Packets are going out then there will be segmentation offloading , but what if incoming packet size is also greater than 1518 e.g. https://drive.google.com/open?id=1OnB... Here is my wireshark capture where I have received packet(packet no. 441) from google server. The packet size here is 2762. Please also suggest how to calculate TCP checksum for such a large packet because normal method of calculating checksum with (pseudo header+tcp header +tcp data ) is giving me wrong answer here.Is there any additional condition for large packet while calculating checksum. Thanks in advance.....

rohan's avatar rohan (2018-06-03 19:53:34 +0000) edit
more
  • delete

but what if incoming packet size is also greater than 1518

To quote Christian_R:

For receiving packets the parameter is called Receive Side Coalescing.

Guy Harris's avatar Guy Harris (2018-06-03 20:02:02 +0000) edit
more
  • delete

Is there any additional condition for large packet while calculating checksum.

Yes. The additional condition is "you have to figure out what the original TCP segments were that the segmentation offloading, or receive-side coalescing, combined, and reconstruct them, complete with their IP headers and TCP headers, and calculate the TCP checksums of those packets".

This is probably impossible.

Guy Harris's avatar Guy Harris (2018-06-03 20:03:43 +0000) edit
more
  • delete

Hey Thanks ,Now I understand the 'Receive Side Coalescing' concept as well. I have one more query ,If I wanna send packet of size greater than 1518 bytes then will I be calculating checksum(sending packet via raw sockets) over entire packet and then let my NIC handle segmentation offloading and checksum recalculation for me ?Or my calculated checksum doesn't matter at all and NIC will ignore my checksum and do stuff by its own.

rohan's avatar rohan (2018-06-03 20:21:13 +0000) edit
more
  • delete

here is a nice doc about segmentation offloading https://docs.microsoft.com/en-us/wind...

Christian_R's avatar Christian_R (2018-06-03 21:04:33 +0000) edit
more
  • delete
add a comment see more comments

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account. This space is reserved only for answers. If you would like to engage in a discussion, please instead post a comment under the question or an answer that you would like to discuss.

Add Answer