This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

MTU Size value

0

Hi, sorry for the "beginners" question :)

I´ve a appliance that works as a transparent bridge. I wanted to know, if i can use wireshark in order to know which is the MTU value that is received by the bridge (i´ve been having issues in regards http latency, and i want to know if this could be network related.

I´m using this filter: tcp.flags.syn== 1 and tcp.flags.ack==1 and tcp.port==80

Thanks in advance, RPLF

asked 22 May '12, 02:02

ruiplf's gravatar image

ruiplf
1111
accept rate: 0%

2 Answers:

1

a bridge should not modify the packet size (or do any fragmentation). If you want to know if the bridge is actually modifying the packets, you should sniff in front of the bridge and behind it, then compare the two captures files. Sniffing only at one "collection point" (client or server) makes it hard to detect any modification.

If you compare the capture files look at the packet size. You can do this, by adding a column in the packet list view.

Edit -> Preferences -> Columns -> Add -> Field type: Packet length (bytes).

Regards
Kurt

answered 22 May '12, 03:27

Kurt%20Knochner's gravatar image

Kurt Knochner ♦
24.8k1039237
accept rate: 15%

edited 22 May '12, 03:30

0

I'm not sure sniffing traffic is the best way to test for MTU size... I'd use a tool like 'tracepath' to verify the path MTU. See: http://packetlife.net/blog/2008/aug/18/path-mtu-discovery/

HTH, Will

answered 23 May '12, 05:59

willdennis's gravatar image

willdennis
6113
accept rate: 0%

a bridge/switch is a layer 2 device and would not answer to PMTU probes.

(23 May '12, 06:38) Kurt Knochner ♦