Hai, 1) Data is from A to B and ACK is from B to A 2) TCP sections got established with MSS as 1460 from both sides No Question: Q1) I understood, tcp segment will not send the data beyond 1460 bytes per segment, AM I right ??? Q2) I understood TCPDUMP and wire shark work at interface level, if soooooo How to capture the data at transport layer level ( Not at interface / wire level) ??? Regards Hai Jasper, Regarding Q2, I am sending 2800 Bytes of UDP data, for MTU size of 1500 data can be sent in two packets as it is going to fragmented by IP layer... I understood at transport layer data is one segment of 3000 bytes.... How i can capture data at transport layer (i.e before IP layer) After IP layer, using wireshark / TCP dump i can capture two packets... Regards asked 19 Apr '15, 23:48 srinu_bel edited 20 Apr '15, 02:16 |
One Answer:
1) yes. 2) both capture packets, not layers. So everything in a packet is recorded. answered 20 Apr '15, 02:05 Jasper ♦♦ |
Hai Jasper,
Regarding Q2,
I am sending 2800 Bytes of UDP data, for MTU size of 1500 data can be sent in two packets as it is going to fragmented by IP layer...
I understood at transport layer data is one segment of 3000 bytes.... How i can capture data at transport layer (i.e before IP layer)
After IP layer, using wireshark / TCP dump i can capture two packets...
Regards
I'm not sure I understand the question - do you try to capture the 2800 bytes in one block? If so, you can't do that with Wireshark/TCP dump on the Wire, because it looks at network packets, not application data blocks.
Though sometimes it works if you do local captures, but only for outgoing packets, and those are essentially capture errors.
P.S: please do not add comment and update your question with the same text, it makes the flow really hard to read.