IP fragmentation is an Internet Protocol (IP) process that breaks packets into smaller pieces (fragments), so that the resulting pieces can pass through a link with a smaller maximum transmission unit (MTU) than the original packet size. The fragments are reassembled by the receiving host.
Fragmentation. Because packets and fragments may be delivered out of order, the packet ID field (16 bits) is used to distinguish between fragments belonging to different packets. Fragments with the same ID can be assumed to belong to the same packet. The sender is responsible for making the packet ID unique.
Fragmentation is done by the network layer when the maximum size of datagram is greater than maximum size of data that can be held in a frame i.e., its Maximum Transmission Unit (MTU). The network layer divides the datagram received from the transport layer into fragments so that data flow is not disrupted.
It's what tells the reassembling device which fragments make up the original packet. Fragment offset - once all the fragments have been received, they need to be put back in the correct order.
I want to capture UDP packets which are destined to a local port, the filtering expression is like udp port 20000
. I notice if there are IP fragmentation on a UDP packet, libpcap can only capture the first IP fragment. I guess the reason is the second IP fragment are not with UDP header(I think it is the same for TCP), so libpcap can't capture them using the filter express udp port 20000
.
are there any workaround for this? or any other libraries which can capture packets destined to a specific local port?
thanks!
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With