... darkrealms ...

Forums before death by AOL, social media and spammers... "We can't have nice things"

comp.protocols.tcp-ip

TCP and IP network protocols.

14,669 messages

[ << oldest | < older | list | newer > | newest >> ]

Message 13,950 of 14,669

Dick Wesseling to Mark

Re: IP fragments

20 Mar 13 20:26:04

   From: free@securityaudit.val.newsbank.net   
      
   In article ,   
   	"Mark"  writes:   
   > Hello,   
   >   
   > I've encountered the following statement somewhere in the net: "Although   
   > theoretically only 8 bytes of L4 info may be guaranteed in a fragment,   
   > assume complete L4 info is available...". I don't understand how possible   
   > that only 8 bytes of a transport are guaranteed in a fragment, as the IP   
   > fragment can't be less than 46 bytes (minimum payload size for Ethernet   
   > frame), and this includes 20 bytes of IP header and 20bytes of TCP header   
   > (not considering variable-lngth options), UDP will be less.   
   >   
   > Thus for the first IP fragment we always can expect IP header at tcp header,   
   > while other fragments will carry only IP header + payload.   
   >   
   > I believe I'm missing something, but I still can't understand why only 8   
   > bytes can be guaranteed in a fragment? I would appreaciate if someone helps   
   > to clarify this issue. Thanks !   
   >   
      
   L4 = Layer 4, i.e. the layer above IP (L1=physical layer, L2=datalink layer,   
   L3=IP itself). So we're talking about 8 bytes of _payload_.   
      
   The IP fragmentation offset in in 8-byte units. So a well-formed IP fragment   
   - other than the last one - should start at an 8-byte boundary and end at   
   an 8-byte boundary and its size is therefore a multiple of 8 bytes.   
   The last fragment may be smaller than that.   
      
   --- SoupGate-Win32 v1.05   
    * Origin: you cannot sedate... all the things you hate (1:229/2)

[ << oldest | < older | list | newer > | newest >> ]