This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Fragment Overlap: True , Via UDP

0

Hi After IP Fragmentation two times (UDP not TCP ), I get the error Fragment Overlap: True , and then the host does not respond anymore.

Can you tell me please what can cause the fragment overlap in general ?

Thanks alot

asked 13 Oct '17, 08:53

webtuto's gravatar image

webtuto
6223
accept rate: 0%

Can you upload the PCAP? If you need to sanitize it first, use this tutorial: https://blog.packet-foo.com/2016/11/the-wireshark-qa-trace-file-sharing-tutorial/

(13 Oct '17, 12:40) Jasper ♦♦

One Answer:

0

Without having looked at the specifics, the theory is that the sending host is chopping up the UDP packet into smaller parts to be able to transport is over the network to the other IP endpoint. For that purpose the IP header contains a payload length and offset, which allows the receiver's IP layer to put all pieces back together, like a jigsaw puzzle, into a complete UDP packet. When the sending host's IP layer miscalculates the offsets and/or lengths, the receiver will have jigsaw pieces that don't fit together, in this case there are overlapping parts. That will raise this error. So the cause is usually found in either the sending host's IP stack or any intervening network device which interacts at the IP layer, eg. NAT's.

answered 14 Oct '17, 02:18

Jaap's gravatar image

Jaap ♦
11.7k16101
accept rate: 14%

edited 14 Oct '17, 07:01

sindy's gravatar image

sindy
6.0k4851