Wireshark Tips (2)

packetbomb.com - troubleshooting MTU issue

• Following the previous post, need column - tcpLen, Seq, nextSeq, Ack, BytesInFlight
• Statistics -> conversation, find the biggest stream 
• couple of TCP retransmission packets in jumbo frame with DF bit, because no ACK
• later sender starts with 512B -> 1024B, then conversation on. 
• clearly, 1 or multiple middle routers can't handle jumbo frames
• filter = icmp, doesn't show any icmp unreachable
• per RFC 1191 - path MTU discovery. The middle routers should return a ICMP destination Unreachable message with code = "frag needed and DF set"
• So these pkts are dropped by either firewall or disabled on the router