38
4
While analyzing some traffic logs, I noticed a node pinging its gateway with a large ping packet size, ranging from 700 bytes to 1 MB. It's a constant ping from node to gateway and the size per ping is rather high. Does anyone know why this might be happening or if there is a benefit (possibly for testing purposes) to manipulating the PING size?
2Using a jumbo frame doesn't adequately validate that a jumbo frame will work. Most routers will simply fragment a larger frame if its MTU is lower (though some routers have options to discard in this instance). A ping using the don't fragment flag is more appropriate as it covers ALL instances where there is an interface with a smaller MTU than the packet sent. – MaQleod – 2014-07-02T18:41:56.173
1@MaQleod or it checks the fragmentation needed flag in the reply. – ratchet freak – 2014-07-02T20:05:39.573
1Some 10 years ago, I had to debug the default MTU of Windows, because the connection never worked to specific places. This was detectable by changing the ping packet size from the default value to bigger ones. Afaik 1500 was too much, and 1400 allowed normal operation (ADSL in Finland). – Juha Untinen – 2014-07-03T12:34:13.553
PPPoE (used often with DSL) adds an 8 byte header, so the MTU for PPPoE connections is typically 1492. – LawrenceC – 2014-07-04T00:01:33.627
@MaQleod It is quite clearly stated in the standards, that the decision about whether to fragment packets that were too large, is not to be made by routers. In IPv4 the sender decides if the packet is to be fragmented or if an error is to be returned to the sender. In IPv6 a router never fragments a packet, an error is always sent to the sender if a packet is too large. – kasperd – 2014-07-04T00:12:22.707