Network Applications and Network Applications Lab
Chapter Three Notes
Fragmentation occurs when an IP datagram traveling on a network has to
traverse a network with a maximum transmission unit (MTU) that is
smaller than the size of the datagram.
For example: If an IP datagram is 2000 bytes and the network that it is
trying to get into has an MTU of 1500 bytes, the router must fragment
the packet so it can travel on that network.
Fragments are associated with each other with a common fragment
identification in the IP header, known as the fragment ID.
Each fragment must tell the length of the data carried in the fragment.
Each fragment must know if more fragments follow it; this is done using
the More Fragments (MF) flag.
This information is contained in the IP header, and a fragment
encapsulation is placed around that.
Fragmentation: Seeing is Understanding
The network in this example has an MTU of 1500 bytes.
Each datagram must have an IP header, usually 20 bytes, though it can be
more if IP options are included.
If a datagram is 4028 bytes, it needs to be broken up into smaller
pieces of 1500 bytes or less.
Each of these 1500-byte datagrams contains at least a 20-byte header,
so that leaves no more than 1480 bytes for data.
The first fragment contains the original header (20 bytes) along
with the ICMP header (8 bytes), and that leaves 1472 bytes for
the ICMP data.
The second fragment contains a 20-byte header and 1480 bytes of data.
The third and last fragment contains a 20-byte header and 1048 bytes
of data.
1472 bytes of data plus 1480 bytes of data plus 1048 bytes of
data gives you your original amount of data equal to 4000 bytes.
(4028 – 20 – 8 = 4000)
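The arithmetic above, worked as an added example (not part of the original notes). The function and field names are illustrative; the 8-byte offset units and the rule that non-final fragments carry a multiple of 8 bytes are standard IPv4 behaviour that these notes do not spell out. check_train shows the reassembly-side consistency checks a sensor or packet filter can apply to a fragment train.

```python
from typing import List, NamedTuple

class Fragment(NamedTuple):
    offset: int     # fragment offset field, in 8-byte units
    data_len: int   # bytes of IP payload carried
    total_len: int  # IP header + payload
    mf: bool        # More Fragments flag

def fragment(total_len: int, mtu: int, ihl: int = 20, df: bool = False) -> List[Fragment]:
    """Split one datagram of total_len bytes for a link with the given MTU."""
    payload = total_len - ihl
    if total_len <= mtu:
        return [Fragment(0, payload, total_len, False)]
    if df:
        raise ValueError("DF set and fragmentation required: datagram discarded")
    # Every fragment except the last must carry a multiple of 8 payload bytes.
    per_frag = (mtu - ihl) // 8 * 8
    frags, sent = [], 0
    while sent < payload:
        n = min(per_frag, payload - sent)
        frags.append(Fragment(sent // 8, n, ihl + n, sent + n < payload))
        sent += n
    return frags

def check_train(frags: List[Fragment]) -> List[str]:
    """Reassembly-side sanity checks; returns a list of anomalies found."""
    problems, expected = [], 0
    ordered = sorted(frags, key=lambda f: f.offset)
    for f in ordered:
        start = f.offset * 8
        if start < expected:
            problems.append(f"overlap at byte {start}")
        elif start > expected:
            problems.append(f"gap before byte {start}")
        if f.mf and f.data_len % 8:
            problems.append(f"non-final fragment at byte {start} not a multiple of 8")
        expected = max(expected, start + f.data_len)
    if not ordered or ordered[-1].mf:
        problems.append("final fragment missing (MF still set)")
    return problems

ICMP_HEADER = 8
train = fragment(4028, 1500)  # the 4028-byte ICMP datagram from the notes
for i, f in enumerate(train):
    icmp_data = f.data_len - (ICMP_HEADER if f.offset == 0 else 0)
    print(i + 1, f, "ICMP data bytes:", icmp_data)
```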
Aboard the Fragment Train
The first fragment contains the ICMP header.
The More Fragments (MF) flag is set in the IP header of the fragments
that have more fragments following them.
Fragment Dining Car
IP header information is duplicated for each of the fragments.
The ICMP header is only on the first fragment.
The last fragment will usually not be a full-sized fragment because it
contains the last of the data.
Fragmentation Using TCPdump
You can see this fragment data with TCPdump, which shows the
ICMP header only on the first fragment.
Fragmentation and Packet-Filtering Devices
Some routers and/or firewalls try to block fragmented traffic.
A fragmented packet might not get through due to header information,
but other packets may get through.
Don’t Fragment Flag
Indicates that this packet CANNOT be fragmented.
If this flag is set and the datagram crosses a network where
fragmentation is required, the datagram will be discarded as
Fragmentation has provided another way for hackers to have fun.
The nmap command-line option (-f) fragments the 20-byte headers into
multiple headers to avoid detection.
nmap -f -sS -p 53 target.com
This sends a fragmented SYN connection to port 53 of target.com.
fragments in the header
cause a system to hang or possibly reboot.
Fragmentation involves separating and packing the original datagram into
new packets less than or equal to the size of the original.
fragmentation usually occurs as a denial-of-service attack.