The "TCP segment of a reassembled PDU" prompt often appears when capturing packets in wireshark under windows:
You can remove the prompt by unchecking this option in wireshark's Edit --> Preferences --> Protocols/TCP --> Allow subdissector to reassemble TCP streams:
Most of the reprinted articles on the Internet are arguing that the ACK sequence number of the TCP segment of a reassembled PDU is the same, so the display prompt has nothing to do with the ACK.
The crux of the problem is that the length of the message is 2194 bytes, which has exceeded the size of 1500 of the MTU, so the TCP segment is prompted.
MTU Max Transmit Unit, 1500, viewable via ifconfig
MSS Max Segment Size,1460=1500-20-20
PDU Protocol Data Unit
The maximum packet length transmitted by the NIC is 1514 bytes=MTU+Ether=1500+14
The question is, why is the 2194-byte packet normal, and why does it not go through IP fragmentation?
Because modern OS supports the network offload (TSO) function, the NIC replaces the CPU to implement packet segmentation and merging, saving system resources and allowing the system to handle more connections.
TSO TCP Segment Offload
LSO Large Segment Offload
GSO Generic Segment Offload
LRO Large Receive Offload
RSC Receive Segment Coalescing
Sending process:
Many operating systems and NIC drivers support TCP Segmentation Offload (TSO) aka Large Segment Offload (LSO) aka Generic Segment Offload (GSO). What this means is that the TCP stack sends a chunk of data for the NIC to break up into Maximum Segment Size (MSS) pieces to send on the network. TCP might hand the NIC 16k of data and the NIC will break it into MSS sized bites: 11 segments of 1460 bytes and one segment of the remaining 324 bytes. This offloads the task to the NIC and saves overhead on the host’s resources. It’s a performance thing.
When the TCP stack sends large chunks of data, it is the NIC that does the segmentation. This feature may improve transfer performance because adapter hardware completes data segmentation much faster than operating system software. Also, the adapter uses less CPU resources.
Receiving process:
Large Receive Offload (LRO) or Receive Segment Coalescing (RSC). The is the same thing but in reverse. The NIC coalesces TCP segments it receives from a remote host into larger packets before sending them up to the TCP stack.
The process is the opposite of sending, where the NIC combines the received data into large packets and sends them to the TCP/IP stack. As shown in the figure, wireshark works between the NIC and the protocol stack, and captures the data on the network card. At this time, the length of the data packet may be greater than the MTU.
Reference link:
http://packetbomb.com/how-can-the-packet-size-be-greater-than-the-mtu/
http://rtodto.net/generic_segmentation_offload_and_wireshark/
https://en.wikipedia.org/wiki/Large_receive_offload