I was working on an MTU problem and decided to bypass the application which took a significant amount of setup. Instead I figured I could use netcat on the client host to send a long UDP packet to an echo server on the server host. Sure enough when I sent a 1162 bytes of data (1162 + 20 + 8 = 1190 Total Length) I did NOT get 1162 bytes of data back. Instead I got only 1024 (1024 + 20 + 8 = 1052 Total Length).
So I figured something in the path was somehow fragmenting the packet incorrectly.
However, a trace taken with snoop on the actual echo server host tells the real tale. All 1190 bytes of data made it to the echo server which only echoed back 1052 bytes.
What did I learn
This trace taken at the client end was done with Wildpackets's Etherpeek.
Packet Info Flags: 0x00000000 Status: 0x00000001 Packet Length: 1208 Timestamp: 11:45:03.881569800 08/11/2005 Ethernet Header IP Header - Internet Protocol Datagram Version: 4 Header Length: 5 (20 bytes) Differentiated Services:%00000000 Total Length: 1190 Identifier: 63418 Fragmentation Flags: %000 Fragment Offset: 0 (0 bytes) Time To Live: 128 Protocol: 17 UDP Header Checksum: 0xE9CF Source IP Address: YYY.YYY.77.50 Dest. IP Address: XXX.XXX.220.130 UDP - User Datagram Protocol Source Port: 2281 lnvconsole Destination Port: 7 echo Length: 1170 UDP Checksum: 0x2806 Echo Protocol Echo Data: 1111111111111111 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 . . . FCS - Frame Check Sequence FCS: 0x9B669400 Calculated Packet Info Flags: 0x00000000 Status: 0x00000001 Packet Length: 1070 Timestamp: 11:45:04.003317800 08/11/2005 Ethernet Header IP Header - Internet Protocol Datagram Version: 4 Header Length: 5 (20 bytes) Differentiated Services:%00000000 Total Length: 1052 Identifier: 8501 Fragmentation Flags: %010 Fragment Offset: 0 (0 bytes) Time To Live: 55 Protocol: 17 UDP Header Checksum: 0xC9DF Source IP Address: XXX.XXX.220.130 Dest. IP Address: YYY.YYY.77.50 UDP - User Datagram Protocol Source Port: 7 echo Destination Port: 2281 lnvconsole Length: 1032 UDP Checksum: 0x37CF Echo Protocol Echo Data: 1111111111111111 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 . . . FCS - Frame Check Sequence FCS: 0x25CBE41C CalculatedThis trace taken at the server end was done with snoop
ETHER: ----- Ether Header ----- IP: ----- IP Header ----- IP: IP: Version = 4 IP: Header length = 20 bytes IP: Type of service = 0x00 IP: Total length = 1190 bytes IP: Identification = 63418 IP: Flags = 0x0 IP: Fragment offset = 0 bytes IP: Time to live = 123 seconds/hops IP: Protocol = 17 (UDP) IP: Header checksum = eecf IP: Source address = YYY.YYY.77.50 IP: Destination address = XXX.XXX.220.130 IP: No options IP: UDP: ----- UDP Header ----- UDP: UDP: Source port = 2281 UDP: Destination port = 7 (ECHO) UDP: Length = 1170 UDP: Checksum = 2806 UDP: ECHO: ----- ECHO: ----- ECHO: ECHO: "111111111111111111111111111111111111111111111111111111111111" ECHO: ETHER: ----- Ether Header ----- IP: ----- IP Header ----- IP: IP: Version = 4 IP: Header length = 20 bytes IP: Type of service = 0x00 IP: Total length = 1052 bytes IP: Identification = 8501 IP: Flags = 0x4 IP: Fragment offset = 0 bytes IP: Time to live = 60 seconds/hops IP: Protocol = 17 (UDP) IP: Header checksum = c4df IP: Source address = XXX.XXX.220.130 IP: Destination address = YYY.YYY.77.50 IP: No options IP: UDP: ----- UDP Header ----- UDP: UDP: Source port = 7 UDP: Destination port = 2281 UDP: Length = 1032 UDP: Checksum = 37CF UDP: ECHO: ----- ECHO: ----- ECHO: ECHO: "111111111111111111111111111111111111111111111111111111111111" ECHO: