Friday, October 30, 2020

MSS and Wireshark

Hi,

Doing a great course on Pluralsight right now about Wireshark while troubleshooting a real-world issue. I have a question about Wireshark and the way the length and TCP segment are displayed.

Let's imagine I have SDWAN to a Hub location, and behind that Hub is Azure. We are doing a SQL query from Azure to the SDWAN site.

The 3-way handshake then completes and a few options are negotiated. The MSS from Azure is 8960, the SDWAN site is 1318. So, 1318 wins. The lowest MTU across the link is possibly 1405.

Now once data flows, am I right in expecting all packets to have a maximum TCP segment length of 1360 and a maximum packet length of 1414 to account for overhead?

The reason I ask is that after a few SQL batches, a packet is sent from server to destination with TCP length 4096 and length 4150.

I am not sure if I have studied too much and gone deep into the matrix. My other thought was maybe this packet is fragmented later on, as I have only captured from the machine itself.

Thanks for reading and any info.
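
The check the post describes, as an added example that is not part of the original post: read the MSS option from the SYN and SYN-ACK TCP headers, take the lower value as the post does, and flag captured segments whose payload exceeds it. The header bytes and payload lengths are constructed samples (only the values 8960, 1318 and 4096 come from the post) and the function names are this example's own; a segment flagged in a capture taken on the sending host is commonly the result of TCP segmentation offload, where the NIC splits the data after the capture point.

```python
import struct

DEFAULT_MSS = 536  # IPv4 default when a SYN carries no MSS option

def parse_mss(tcp: bytes):
    """Return the MSS option value from a raw TCP header, or None if absent."""
    header_len = (tcp[12] >> 4) * 4           # data offset, in bytes
    opts = tcp[20:header_len]
    i = 0
    while i < len(opts):
        kind = opts[i]
        if kind == 0:                          # End of Option List
            break
        if kind == 1:                          # NOP is a single byte
            i += 1
            continue
        if i + 1 >= len(opts):                 # truncated option
            break
        length = opts[i + 1]
        if length < 2 or i + length > len(opts):
            break                              # malformed length, stop parsing
        if kind == 2 and length == 4:          # Maximum Segment Size
            return struct.unpack("!H", opts[i + 2:i + 4])[0]
        i += length
    return None

def effective_mss(syn: bytes, syn_ack: bytes) -> int:
    """Lower of the two advertised values (the post's 'lowest wins' rule)."""
    values = [parse_mss(h) for h in (syn, syn_ack)]
    return min(DEFAULT_MSS if v is None else v for v in values)

def oversized(payload_lengths, mss):
    """Return (packet number, payload length) for segments larger than mss."""
    return [(n, size) for n, size in enumerate(payload_lengths, 1) if size > mss]

def build_header(mss: int, flags: int) -> bytes:
    """Constructed sample: 24-byte TCP header carrying only an MSS option."""
    fixed = struct.pack("!HHIIBBHHH", 50000, 1433, 0, 0, 6 << 4, flags, 65535, 0, 0)
    return fixed + struct.pack("!BBH", 2, 4, mss)

if __name__ == "__main__":
    syn = build_header(8960, 0x02)             # Azure side, value from the post
    syn_ack = build_header(1318, 0x12)         # SDWAN side, value from the post
    mss = effective_mss(syn, syn_ack)
    payloads = [1318, 1318, 4096, 512]         # constructed; 4096 is from the post
    for n, size in oversized(payloads, mss):
        print(f"packet {n}: payload {size} exceeds MSS {mss}")
```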


