Wireshark-users: [Wireshark-users] Interpretation of "summary" TCP/IP packets?

From: "Templin (US), Fred L" <Fred.L.Templin@xxxxxxxxxx>
Date: Tue, 3 Jul 2018 19:42:37 +0000

Hi,

On a pair of Ubuntu Linux laptops (call them A and B) connected via a 1Gbps link, I am running “iperf3 -c” on node A and “iperf3 -s” on node B. Also on node B I am running wireshark on B’s “eth0” interface to capture the traffic. When I start the wireshark capture, and then start the iperf3 test, the capture shows “summary” TCP/IP packets instead of the “real” packets.

I call them “summary” packets because their length is much larger than 1500 bytes (the MTU of the link connecting A and B). For example, I see packets with lengths like 20338, 29026, etc. When I use wireshark to examine the IP headers of these “summary” packets, the IP length field reflects these larger values and shows the packets as non-fragmented IP packets, which makes no sense because the largest non-fragmented IP packet possible is only 1500 bytes.

When I put a router (call it R) between nodes A and B and run wireshark on R, what I see is the “summary” packet followed by N 1500 byte packets that cover the same sequence number space as for the summary packet. This begins to make sense to me because the smaller packets fit inside the path MTU. But, the “summary” packet still shows up in the wireshark capture.

Can someone explain to me what is going on here?

Thanks - Fred