hello, I'm wondering why I'm not able to ping a remote host with a larger packet size than the MTU allowed on the link (ping remote_host -l 1500 -f). The "f" flag is not allowing fragmentation. So when running the ping command I'm receiving msg that packets need to be fragmented and this is ok for me. But I have a trace file between my laptop and the remote server and I can see both exchange packets up to 6000 bytes in size even though I can see the DF bit flag set as well ....
BR Adam asked 10 Feb '16, 10:31  adasko edited 10 Feb '16, 10:39 |
Can anyone please explain why is that ?
One Answer:
Probably because of this: https://blog.packet-foo.com/2014/05/the-drawbacks-of-local-packet-captures/ answered 10 Feb '16, 10:51  Jasper ♦♦ showing 5 of 6 show 1 more comments |
Hi Jasper,
Thank you for the comment. Does it also count when I was simulating on two VMware Workstation VM's? I mean especially the Offloading stuff ?
BR
Adam
Whenever you're not using a dedicated capture device you can run into symptoms like oversized packets, crc errors etc.
dedicated device you mean like a TAP or any device running Wireshark ?
TAP, SPAN, it all works as long as you're not capturing on the device creating the packets ;-)
so it could be even a dedicated laptop with Wireshark on it ? If yes, does the NIC have to specifically configured ?
yes, a dedicated laptop is enough. It's usually a good idea to disable all protocol bindings from the capture card to prevent it from adding packets to the capture.