Ethereal

RE: [Ethereal-users] Reassembled PDU's
Google
 
Web Ethereal.com

Home | Introduction | Documentation | Lists | FAQ | Development | Wiki | Bugs

Main Index | Thread Index | Mailing Lists | | Date Prev | Date Next | Thread Prev | Thread Next

Ethereal-users: March 2006

 

Hi LEGO,

Sorry, should've mentioned that I've already looked at MTU being the
problem.

I set the max MTU on the server to 1350 to allow for the extra
header/data that was added on. This seems to be working correctly as the
max frame size I'm seeing is now 1350.

What confuses me is that the 'reassembled PDU' packets are coming from
the server at source, ie directly from the server before they hit the
router.

If the packets *are* fragmented (which is what I don't fully understand,
the DF flag is set but Ethereal reports them as a 'reassembled PDU')
then it seems that they are being fragmented by the server. I'm really
looking for an explanation of 'reassembled PDU' so I can understand what
I'm seeing.

Thanks,
DB

-----Original Message-----
From: ethereal-users-bounces@xxxxxxxxxxxx
[mailto:ethereal-users-bounces@xxxxxxxxxxxx] On Behalf Of LEGO
Sent: 02 March 2006 03:11
To: Ethereal user support
Subject: Re: [Ethereal-users] Reassembled PDU's

VPN routers usually do some kind of tunnelling, which uses a part of
the payload of the packet so a full packet from the server might not
fit into a single packet after the router:

S --(1500)-->FW--(1500)-->R--(2 frags: (1500 - 20) + (20) )-->R--(2
fragmented packets)-->C

You could try reducing the MTU of the server (and/or the FW depending
which role it plays) to something the Encapsulated tunnel can handle.

S --(1480)-->FW--(1480)-->R--(1480)-->R--(1480)-->C


On 3/1/06, Danny Brett <danny@xxxxxxxxxx> wrote:
>
>
>
> Hi all,
>
>
>
> I'm monitoring a problem application and am seeing a lot of
'reassembled
> PDU' frames from the server back to the client.
>
>
>
> The network looks like this:
>
>
>
> Server --- Firewall --- VPN Router --- WAN --- VPN Router --- Client
>
>
>
> I'm monitoring between the firewall and the router and/or server and
> firewall.
>
>
>
> These frames are not at the maximum MTU size, some are as small as 60
bytes.
> Am I right in thinking the 'reassembled PDU' message is stating that
the
> frame is part of a larger segment or that this a fragmented frame?
>
>
>
> I think I understand what's going on but thought I would call on the
wisdom
> of ethereal-users to help me out! :o)
>
>
>
> Thanks.
>
> DB


The above information is confidential to the addressee and may be privileged. Unauthorised access and use is prohibited. Internet communications are not secure and therefore this Company does not accept legal responsibility for the contents of this message. If you are not the intended recipient, any disclosure, copying, distribution, or any action taken or omitted to be taken in reliance on it, is prohibited and may be unlawful. The sender does not accept any responsibility for viruses and it is your responsibility to scan the email and any attachments.

Powered by MHonArc 2.6.10

Please send support questions about Ethereal to the ethereal-users[AT]ethereal.com mailing list.
For corrections/additions/suggestions for this web page (and not Ethereal support questions), please send email to ethereal-web[AT]ethereal.com.
Last modified: Fri, November 10 2006.
"Ethereal" and the "e" logo are registered trademarks of Ethereal, Inc.