Wireshark-users: [Wireshark-users] Maximum segment size of 1460 but message sizes over 4000 bytes

From: John Crowley <jdcrowley@xxxxxxxxx>
Date: Mon, 13 Nov 2006 21:24:36 -0500

Searched all through the documentation and archives, but could not find any mention of this.

I am running 0.10.14 on Fedora 5 and capturing traffic between that Linux box and a special purpose device using TCP/IP protocol.

The connection is made with an MSS set to 1460, and acknowledged as 1460, but shortly afterwards the server starts sending some large packets -- 2920 bytes, 4443 bytes, etc.  At least this is what is reported in the trace.

The receiving device continues to function correctly, so these packets must not actually be received at this length since it should generate an error message and if not would overflow buffers and crash.

Can anyone explain what is actually happening?

John Crowley

Office:  203.222.8031
Cell:      203.856.2396
EMail:   j.crowley@xxxxxxxxxxxx

