Hi After IP Fragmentation two times (UDP not TCP ), I get the error Fragment Overlap: True , and then the host does not respond anymore.
Can you tell me please what can cause the fragment overlap in general ?
asked 13 Oct '17, 08:53
Without having looked at the specifics, the theory is that the sending host is chopping up the UDP packet into smaller parts to be able to transport is over the network to the other IP endpoint. For that purpose the IP header contains a payload length and offset, which allows the receiver's IP layer to put all pieces back together, like a jigsaw puzzle, into a complete UDP packet. When the sending host's IP layer miscalculates the offsets and/or lengths, the receiver will have jigsaw pieces that don't fit together, in this case there are overlapping parts. That will raise this error. So the cause is usually found in either the sending host's IP stack or any intervening network device which interacts at the IP layer, eg. NAT's.
answered 14 Oct '17, 02:18
edited 14 Oct '17, 07:01
Can you upload the PCAP? If you need to sanitize it first, use this tutorial: https://blog.packet-foo.com/2016/11/the-wireshark-qa-trace-file-sharing-tutorial/