Troubleshooting MTU Problems With Wireshark

By Kary | case study

Jul 22

I mean what can I say about this one? Dude had been trying figure out the problem for a month. With a pcap I could see the problem right away. Learn how to do packet analysis, you guys.

Share this post! Spread the packet gospel!


About the Author

I like being the hero. Being able to drop a bucket of root cause analysis on a burning network problem has made me a hero (to some people) and it feels real good, y’all. Get good at packet analysis and be the hero too. I also like french fries.

Leave a Comment:

(6) comments

Vladimir July 23, 2015

Hi Kary, thanks for the video!
It’s interesting also that further in the trace sender actually started using TSO (64512 Bytes TCP segment length).
And throughout all the trace receiver acknowledged every 5120-Bytes chunk (which is 512×10) using one ACK only.

    Kary July 23, 2015

    Yes, good spot, TSO is used later. I was going to discuss how to tell if it’s a jumbo frame or TSO, but thought I’d save it for anther time.

      David July 23, 2015

      You mention the DF Bit and explain that any intermediate device dropping that packet should send an ICMP unreachable.

      This is only the case if the intermediate device is acting as L3. This appears to be a misconfiguration on the switching layer, especially given the source and destination addresses being within the same subnet.


        Kary July 23, 2015

        Good catch, Dave! Didn’t think of that

Leonard Kirchner October 18, 2016

Stay frosty!! Love your vids…they help so much.

Andrew February 2, 2017

Great video, thanks for putting out videos that aren’t boring. No disrespect to the WCNA website and its required learning credits but my gosh do they make me tired.

Add Your Reply

Leave a Comment: