MTU
MTU 指的是 IP报文的大小, 一般MTU为1500
TCP模式下:
1500(MTU) = 1460(tcp payload) + 20(tcp head) + 20(ip head)
如果这个报文在MAC网卡上传输,还需打上 MAC头
1514 = 6(dst mac) + 6(src mac) +2(type) + MTU
现象描述
工作中需要将抓下来的报文回放测试,
但是回放软件不支持 巨帧类型报文, 提示: 报文数据太长.
以下是网卡抓包时, 确实可以看到存在IP报文 远大于常规MTU 1500
使用 tcpdump 显示 超过 1500 的报文1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29root@debian:~# tcpdump -i br0 greater 1500 -tnn
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on br0, link-type EN10MB (Ethernet), snapshot length 262144 bytes
IP 192.168.88.102.3389 > 192.168.88.100.61281: Flags [P.], seq 2226131961:2226147902, ack 3941396929, win 63783, length 15941
IP 192.168.88.102.3389 > 192.168.88.100.61281: Flags [P.], seq 17391:26372, ack 1, win 63783, length 8981
IP 192.168.88.102.3389 > 192.168.88.100.61281: Flags [P.], seq 26372:34809, ack 1, win 63783, length 8437
IP 192.168.88.102.3389 > 192.168.88.100.61281: Flags [P.], seq 34878:40611, ack 245, win 63539, length 5733
IP 192.168.88.102.3389 > 192.168.88.100.61281: Flags [P.], seq 40611:43112, ack 245, win 63539, length 2501
IP 192.168.88.102.3389 > 192.168.88.100.61281: Flags [P.], seq 43234:51447, ack 314, win 63470, length 8213
IP 192.168.88.102.3389 > 192.168.88.100.61281: Flags [P.], seq 51569:56662, ack 383, win 63401, length 5093
IP 192.168.88.102.3389 > 192.168.88.100.61281: Flags [P.], seq 56800:62277, ack 452, win 63332, length 5477
IP 192.168.88.102.3389 > 192.168.88.100.61281: Flags [P.], seq 62415:66948, ack 521, win 63263, length 4533
IP 192.168.88.102.3389 > 192.168.88.100.61281: Flags [P.], seq 67086:71827, ack 590, win 63194, length 4741
IP 192.168.88.102.3389 > 192.168.88.100.61281: Flags [P.], seq 71965:78434, ack 659, win 63125, length 6469
IP 192.168.88.102.3389 > 192.168.88.100.61281: Flags [P.], seq 78572:83345, ack 728, win 63056, length 4773
IP 192.168.88.102.3389 > 192.168.88.100.61281: Flags [P.], seq 83483:88288, ack 797, win 62987, length 4805
IP 192.168.88.102.3389 > 192.168.88.100.61281: Flags [P.], seq 88426:93919, ack 866, win 62918, length 5493
IP 192.168.88.102.3389 > 192.168.88.100.61281: Flags [P.], seq 94057:101102, ack 935, win 62849, length 7045
IP 192.168.88.102.3389 > 192.168.88.100.61281: Flags [P.], seq 101224:107677, ack 1004, win 62780, length 6453
IP 192.168.88.102.3389 > 192.168.88.100.61281: Flags [P.], seq 107799:114716, ack 1073, win 62711, length 6917
IP 192.168.88.102.3389 > 192.168.88.100.61281: Flags [P.], seq 114838:119963, ack 1142, win 62642, length 5125
IP 192.168.88.102.3389 > 192.168.88.100.61281: Flags [P.], seq 120085:125770, ack 1211, win 62573, length 5685
IP 192.168.88.102.3389 > 192.168.88.100.61281: Flags [P.], seq 125908:132153, ack 1280, win 64000, length 6245
IP 192.168.88.102.3389 > 192.168.88.100.61281: Flags [P.], seq 132291:137912, ack 1349, win 63931, length 5621
IP 192.168.88.102.3389 > 192.168.88.100.61281: Flags [P.], seq 138050:143191, ack 1418, win 63862, length 5141
IP 192.168.88.102.3389 > 192.168.88.100.61281: Flags [P.], seq 143366:152587, ack 1704, win 63576, length 9221
IP 192.168.88.102.3389 > 192.168.88.100.61281: Flags [P.], seq 152725:158378, ack 2091, win 63189, length 5653
IP 192.168.88.102.3389 > 192.168.88.100.61281: Flags [P.], seq 158516:163993, ack 2568, win 62712, length 5477
IP 192.168.88.102.3389 > 192.168.88.100.61281: Flags [P.], seq 164131:169416, ack 3061, win 63735, length 5285
或者使用 tshark 抓包测试1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25[root@localhost ~]# tshark -i enp1s0f1 -Y "tcp.len>1400"
Running as user "root" and group "root". This could be dangerous.
Capturing on 'enp1s0f1'
119 3.198907390 172.16.20.10 → 180.101.49.11 TLSv1.2 1683 Application Data
178 3.412165770 180.101.49.131 → 172.16.20.10 TCP 1504 HTTP/1.1 200 OK [TCP segment of a reassembled PDU]
179 3.412182570 180.101.49.131 → 172.16.20.10 TCP 1514 HTTP/1.1 200 OK [TCP segment of a reassembled PDU]
182 3.412539489 180.101.49.131 → 172.16.20.10 TCP 2974 HTTP/1.1 200 OK [TCP segment of a reassembled PDU]
184 3.412737806 180.101.49.131 → 172.16.20.10 TCP 2605 HTTP/1.1 200 OK [TCP segment of a reassembled PDU]
187 3.421079780 180.101.49.131 → 172.16.20.10 TCP 2790 HTTP/1.1 200 OK [TCP segment of a reassembled PDU]
189 3.442317927 180.101.49.131 → 172.16.20.10 TCP 1503 HTTP/1.1 200 OK [TCP segment of a reassembled PDU]
190 3.442332083 180.101.49.131 → 172.16.20.10 TCP 1509 HTTP/1.1 200 OK [TCP segment of a reassembled PDU]
193 3.442477611 180.101.49.131 → 172.16.20.10 TCP 1743 HTTP/1.1 200 OK [TCP segment of a reassembled PDU]
195 3.442695469 180.101.49.131 → 172.16.20.10 TCP 1514 HTTP/1.1 200 OK [TCP segment of a reassembled PDU]
196 3.442869033 180.101.49.131 → 172.16.20.10 TCP 1497 HTTP/1.1 200 OK [TCP segment of a reassembled PDU]
198 3.442878294 180.101.49.131 → 172.16.20.10 TCP 1722 HTTP/1.1 200 OK [TCP segment of a reassembled PDU]
233 3.460282630 114.80.30.31 → 172.16.20.10 TCP 1590 HTTP/1.1 200 OK [TCP segment of a reassembled PDU]
241 3.460855410 114.80.30.31 → 172.16.20.10 TCP 2734 80 → 2473 [ACK] Seq=5361 Ack=434 Win=71168 Len=2680 [TCP segment of a reassembled PDU]
244 3.461215873 114.80.30.31 → 172.16.20.10 TCP 2734 80 → 2473 [ACK] Seq=9381 Ack=434 Win=71168 Len=2680 [TCP segment of a reassembled PDU]
248 3.461523983 114.80.30.31 → 172.16.20.10 TCP 2734 80 → 2473 [ACK] Seq=13401 Ack=434 Win=71168 Len=2680 [TCP segment of a reassembled PDU]
250 3.461745210 114.80.30.31 → 172.16.20.10 TCP 2734 80 → 2473 [ACK] Seq=16081 Ack=434 Win=71168 Len=2680 [TCP segment of a reassembled PDU]
255 3.462245056 114.80.30.31 → 172.16.20.10 TCP 2734 80 → 2473 [ACK] Seq=21441 Ack=434 Win=71168 Len=2680 [TCP segment of a reassembled PDU]
258 3.462567240 114.80.30.31 → 172.16.20.10 TCP 2734 80 → 2473 [ACK] Seq=25461 Ack=434 Win=71168 Len=2680 [TCP segment of a reassembled PDU]
260 3.462805987 114.80.30.31 → 172.16.20.10 TCP 2734 80 → 2473 [ACK] Seq=28141 Ack=434 Win=71168 Len=2680 [TCP segment of a reassembled PDU]
264 3.463145102 114.80.30.31 → 172.16.20.10 TCP 2734 80 → 2473 [ACK] Seq=32161 Ack=434 Win=71168 Len=2680 [TCP segment of a reassembled PDU]
267 3.463452379 114.80.30.31 → 172.16.20.10 TCP 2734 80 → 2473 [ACK] Seq=36181 Ack=434 Win=71168 Len=2680 [TCP segment of a reassembled PDU]
查看网卡已打开的特性
1 |
|
关闭 发送/接收 巨帧特性
1 |
|
测试
看看tcp payload length 大于 1400 的报文, 都是什么样子1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28[root@localhost ~]# tshark -i enp1s0f1 -Y "tcp.len>1400"
Running as user "root" and group "root". This could be dangerous.
Capturing on 'enp1s0f1'
49 1.456940493 172.16.20.10 → 106.120.159.161 TCP 1506 [TCP segment of a reassembled PDU]
146 4.519927427 106.11.93.6 → 172.16.20.10 TLSv1.2 1506 Server Hello
147 4.519943744 106.11.93.6 → 172.16.20.10 TCP 1506 443 → 2570 [ACK] Seq=1453 Ack=518 Win=7300 Len=1452 [TCP segment of a reassembled PDU]
152 4.521441858 106.11.93.6 → 172.16.20.10 TCP 1506 443 → 2570 [ACK] Seq=4097 Ack=518 Win=7300 Len=1452 [TCP segment of a reassembled PDU]
154 4.521458718 106.11.93.6 → 172.16.20.10 TCP 1506 443 → 2570 [ACK] Seq=5549 Ack=518 Win=7300 Len=1452 [TCP segment of a reassembled PDU]
157 4.521637687 101.226.27.254 → 172.16.20.10 TLSv1.3 1514 Server Hello, Change Cipher Spec, Application Data
159 4.521746280 101.226.27.254 → 172.16.20.10 TCP 1514 443 → 2572 [ACK] Seq=1461 Ack=518 Win=30720 Len=1460 [TCP segment of a reassembled PDU]
162 4.522106998 106.11.93.6 → 172.16.20.10 TLSv1.2 1506 Server Hello
163 4.522178194 106.11.93.6 → 172.16.20.10 TCP 1506 443 → 2569 [ACK] Seq=1453 Ack=518 Win=7300 Len=1452 [TCP segment of a reassembled PDU]
166 4.523680812 101.226.28.253 → 172.16.20.10 TLSv1.3 1514 Server Hello, Change Cipher Spec, Application Data
167 4.523698000 101.226.28.253 → 172.16.20.10 TCP 1514 443 → 2571 [ACK] Seq=1461 Ack=518 Win=30720 Len=1460 [TCP segment of a reassembled PDU]
186 4.544912740 106.11.93.6 → 172.16.20.10 TLSv1.2 1483 Application Data
187 4.544928509 106.11.93.6 → 172.16.20.10 TLSv1.2 1483 Application Data
191 4.556149369 106.11.93.6 → 172.16.20.10 TCP 1506 443 → 2569 [ACK] Seq=4097 Ack=518 Win=7300 Len=1452 [TCP segment of a reassembled PDU]
193 4.556165237 106.11.93.6 → 172.16.20.10 TCP 1506 443 → 2569 [ACK] Seq=5549 Ack=518 Win=7300 Len=1452 [TCP segment of a reassembled PDU]
234 4.646723475 172.16.20.10 → 106.120.159.126 TCP 1506 [TCP segment of a reassembled PDU]
263 4.814387661 106.11.251.20 → 172.16.20.10 TLSv1.2 1514 Server Hello
264 4.814530548 106.11.251.20 → 172.16.20.10 TLSv1.2 1514 Certificate [TCP segment of a reassembled PDU]
273 4.830729616 106.11.251.77 → 172.16.20.10 TLSv1.2 1514 Server Hello
274 4.830746576 106.11.251.77 → 172.16.20.10 TLSv1.2 1514 Certificate [TCP segment of a reassembled PDU]
307 4.895171325 101.227.24.251 → 172.16.20.10 TLSv1.3 1514 Server Hello, Change Cipher Spec, Application Data
308 4.895187558 101.227.24.251 → 172.16.20.10 TCP 1514 443 → 2577 [ACK] Seq=1461 Ack=518 Win=30720 Len=1460 [TCP segment of a reassembled PDU]
325 4.915576028 101.226.28.235 → 172.16.20.10 TLSv1.2 1514 Server Hello
326 4.915592376 101.226.28.235 → 172.16.20.10 TCP 1514 443 → 2576 [ACK] Seq=1461 Ack=518 Win=30720 Len=1460 [TCP segment of a reassembled PDU]
355 4.997003363 140.205.164.1 → 172.16.20.10 TLSv1.2 1514 Server Hello
测过了, 再也找不到 TCP payload 大于 1460的报文了
1 |
|
更多参考
1 |
|