Ethereal

Re: [Ethereal-users] ethereal not capturing oversized Ping packet with Don't Fragment bit
Google
 
Web Ethereal.com

Home | Introduction | Documentation | Lists | FAQ | Development | Wiki | Bugs

Main Index | Thread Index | Mailing Lists | | Date Prev | Date Next | Thread Prev | Thread Next

Ethereal-users: February 2006

 

Daniel Wang wrote:

When I turned on ethereal, it only captured the successful ICMP echo request/reply packets. There was no trace of the attempt using the oversize packets. Why is that? 

Perhaps because no such attempt was made.

Obviously the router generated the error because it couldn’t fragment the packets. 

It's not obvious that the errors are from the router.  I tried

	ping {my ISP's Web server} -l 1600 -f

on a Windows XP "machine" (Virtual PC on my Mac), and it printed "Packet needs to be fragmented but DF set." messages. It's unlikely that those packets ever made it onto the Ethernet, as 1600 is bigger than the Ethernet MTU; running Ethereal on the Mac didn't reveal any pings, but pinging with "-l 1200" did.

It's not *guaranteed* that the errors come from the Windows networking stack not even bothering to send the packet, given that it probably has no idea that there's MPLS on the router (I assume that's what you mean by "mulitilayer switching") reducing the MTU due to MPLS overhead, but that's at least worth checking. What's the MTU on the interface the pings are going on.

Powered by MHonArc 2.6.10

Please send support questions about Ethereal to the ethereal-users[AT]ethereal.com mailing list.
For corrections/additions/suggestions for this web page (and not Ethereal support questions), please send email to ethereal-web[AT]ethereal.com.
Last modified: Fri, November 10 2006.
"Ethereal" and the "e" logo are registered trademarks of Ethereal, Inc.