Clicky

Troubleshooting MTU Problems With Wireshark

By Kary | case study

Jul 22

I mean what can I say about this one? Dude had been trying figure out the problem for a month. With a pcap I could see the problem right away. Learn how to do packet analysis, you guys.

Share this post! Spread the packet gospel!

Facebooktwittergoogle_plusredditlinkedinmail
Follow

About the Author

I like being the hero. Being able to drop a bucket of root cause analysis on a burning network problem has made me a hero (to some people) and it feels real good, y’all. Get good at packet analysis and be the hero too. I also like french fries.

Leave a Comment:

(5) comments

Vladimir July 23, 2015

Hi Kary, thanks for the video!
It’s interesting also that further in the trace sender actually started using TSO (64512 Bytes TCP segment length).
And throughout all the trace receiver acknowledged every 5120-Bytes chunk (which is 512×10) using one ACK only.

Reply
    Kary July 23, 2015

    Yes, good spot, TSO is used later. I was going to discuss how to tell if it’s a jumbo frame or TSO, but thought I’d save it for anther time.

    Reply
      David July 23, 2015

      You mention the DF Bit and explain that any intermediate device dropping that packet should send an ICMP unreachable.

      This is only the case if the intermediate device is acting as L3. This appears to be a misconfiguration on the switching layer, especially given the source and destination addresses being within the same subnet.

      Dave

      Reply
        Kary July 23, 2015

        Good catch, Dave! Didn’t think of that

        Reply
Leonard Kirchner October 18, 2016

Stay frosty!! Love your vids…they help so much.

Reply
Add Your Reply

Leave a Comment: