During the data analysis process, the client packet greater than the size of the Ethernet standard. Can help explain why. https://www.cloudshark.org/captures/8e164cd10b06 thank you. asked 15 Apr '13, 04:39  mengsunny |
One Answer:
You captured on the PC with the IP address 21.235.28.153, which had "TCP large send offloading" activated in the network card driver. That means that the CPU will push large chunks of data to the network card, where it will be segmented into valid sizes - but that only happens after Wireshark already recording it. Capture on the other system to see that valid packets arrive, or turn of network card acceleration settings like Large Send Offload and CRC calculation (which means slowing down your PC, which is usually not a good idea). answered 15 Apr '13, 04:46  Jasper ♦♦ |
Adjust the MTU value of the client, the problem has been resolved, but the large size of the package still exists, but does not need to be fragmented. Can you help explain why? https://www.cloudshark.org/captures/ba5845e9e8c7
This has nothing to do with MTU. This is TCP segmentation, so on a totally different layer.
I.e., if you want to see the packets as they appear on the network, rather than as they are supplied to Wireshark by the system on which you're running Wireshark, you would either need to capture on another machine (so that you see packets captured from the wire rather than packets wrapped around to Wireshark in software) or turn off the TCP segmentation offload (so that the packets that get wrapped around to Wireshark in software look more like packets as they'll be transmitted on the wire).
Nothing you did with the MTU would have any effect on that.
Capturing packets do not see this on the server side. Thank you very much help.