TCP segment of a reassembled PDU

Others 2022-04-28 16:55:24 views: 0

 

The "TCP segment of a reassembled PDU" prompt often appears when capturing packets in wireshark under windows:

pdu 

 

You can remove the prompt by unchecking this option in wireshark's Edit --> Preferences --> Protocols/TCP --> Allow subdissector to reassemble TCP streams:

continue 

 

 

Most of the reprinted articles on the Internet are arguing that the ACK sequence number of the TCP segment of a reassembled PDU is the same, so the display prompt has nothing to do with the ACK.

The crux of the problem is that the length of the message is 2194 bytes, which has exceeded the size of 1500 of the MTU, so the TCP segment is prompted.

 

MTU Max Transmit Unit, 1500, viewable via ifconfig

MSS Max Segment  Size,1460=1500-20-20

PDU Protocol Data Unit

The maximum packet length transmitted by the NIC is 1514 bytes=MTU+Ether=1500+14

 

The question is, why is the 2194-byte packet normal, and why does it not go through IP fragmentation?

Because modern OS supports the network offload (TSO) function, the NIC replaces the CPU to implement packet segmentation and merging, saving system resources and allowing the system to handle more connections.

TSO TCP Segment Offload

LSO Large Segment Offload

GSO Generic Segment Offload 

LRO Large Receive Offload

RSC Receive Segment Coalescing 

 

Sending process:

Many operating systems and NIC drivers support TCP Segmentation Offload (TSO) aka Large Segment Offload (LSO) aka Generic Segment Offload (GSO). What this means is that the TCP stack sends a chunk of data for the NIC to break up into Maximum Segment Size (MSS) pieces to send on the network. TCP might hand the NIC 16k of data and the NIC will break it into MSS sized bites: 11 segments of 1460 bytes and one segment of the remaining 324 bytes. This offloads the task to the NIC and saves overhead on the host’s resources. It’s a performance thing.

   When the TCP stack sends large chunks of data, it is the NIC that does the segmentation. This feature may improve transfer performance because adapter hardware completes data segmentation much faster than operating system software. Also, the adapter uses less CPU resources.

 

Receiving process:

Large Receive Offload (LRO) or Receive Segment Coalescing (RSC). The is the same thing but in reverse. The NIC coalesces TCP segments it receives from a remote host into larger packets before sending them up to the TCP stack.

   The process is the opposite of sending, where the NIC combines the received data into large packets and sends them to the TCP/IP stack. As shown in the figure, wireshark works between the NIC and the protocol stack, and captures the data on the network card. At this time, the length of the data packet may be greater than the MTU.

 

location

 

 

Reference link:

http://packetbomb.com/how-can-the-packet-size-be-greater-than-the-mtu/

http://rtodto.net/generic_segmentation_offload_and_wireshark/

https://en.wikipedia.org/wiki/Large_receive_offload 

 

 

 

Guess you like

Origin http://43.154.161.224:23101/article/api/json?id=326453624&siteId=291194637
Recommended
Ranking
Swapping case of a single alphabetical word
From PoS evolution SPoS: no energy consensus mechanism
Android developers in Eleven: RGB and Raw RGB What is the difference? camera shutter shutter
How to apply high-tech enterprises preferential tax policies
The first Hello World!
Local debugging applet embedded web-view
Summary of the leadership class on Monday morning [Chapter 2]
LeetCode:. 2 reports two numbers together and problem-solving algorithm optimization ideas
Two ways for VirtualBox to let the host connect to the VPN through the virtual machine
The newly released Meituan three-sided R&D post, see how I can successfully get an offer
Daily
More
2024-05-26(0)
2024-05-25(3)
2024-05-24(12)
2024-05-23(35)
2024-05-22(9)
2024-05-21(35)
2024-05-20(5)
2024-05-19(0)
2024-05-18(31)
2024-05-17(6)

Code World

© 2018 codetd.com