IP fragmentation and TCP fragmentation differences

Source: Internet
Author: User

To be precise: what is often called TCP fragmentation should be called TCP segmentation.

——————————————————————————————————————————————————————

Difference:

1. IP fragmentation is driven by the network-layer MTU; TCP segmentation is driven by the MSS.

2. IP fragmentation is performed at the network layer and reassembled at the network layer; TCP segmentation is performed at the transport layer and reassembled at the transport layer, transparently to the layers above.

3. For Ethernet, the MSS is 1460 bytes, and the MTU tends to be larger than the MSS.

Therefore, sending data over the TCP protocol does not cause IP fragmentation. If the data is too large, it is split only at the transport layer, and the IP layer passes it on without fragmenting.

The IP fragmentation we usually talk about comes from the UDP transport protocol, because UDP does not limit the size of the datagram it sends.

Why does IP fragmentation happen? The immediate cause is that an upper-layer protocol tries to send a piece of data longer than the MTU (Maximum Transmission Unit). Which protocols try to send data that long? Commonly UDP and ICMP, which need special attention; TCP generally does not.

Why does TCP not cause IP fragmentation? Because TCP itself supports splitting the data: when TCP has to transmit more data than the MSS (Maximum Segment Size), it segments the data, and normally the MSS is smaller than the MTU, so TCP generally does not cause IP fragmentation.

UDP and ICMP do not support this kind of splitting. They assume the network layer can carry arbitrarily long data (in reality limited to 65535 bytes). When these two protocols send data they do not consider its length; they simply prepend a UDP or ICMP header and hand the result to the network layer. The IP protocol at the network layer then fragments this "long body, short header" data. Do not expect IP to be "smart" enough to recognise where the upper-layer header ends and the payload begins: it simply cuts the whole datagram into n pieces, with the result that only the first fragment carries the UDP or ICMP header and the other fragments do not.
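The two paths described above, as an added example that is not code from the original article: TCP cuts the application data against the MSS before IP ever sees it, while UDP hands IP one datagram that IP then cuts against the MTU. The model uses option-less header sizes (20-byte IP, 20-byte TCP, 8-byte UDP) and reports, for each packet on the wire, the IP fragment offset, the More Fragments flag, and whether the packet still carries a transport header. The inputs in the `__main__` block are constructed; the 8500-byte case matches the NFS figures in the Cisco excerpt further down the page.

```python
# Added example (not from the original article): a small model of the two
# ways a large application buffer reaches the wire. TCP segments at the
# transport layer against the MSS; UDP hands IP one datagram, and IP
# fragments it against the MTU. Header sizes are the option-less minimums.
IP_HDR = 20   # IPv4 header without options
TCP_HDR = 20  # TCP header without options
UDP_HDR = 8


def segment_tcp(app_len: int, mss: int) -> list:
    """Transport layer: split app_len bytes into chunks of at most mss bytes.
    Each chunk becomes its own TCP segment with its own TCP header."""
    if mss <= 0:
        raise ValueError("MSS must be positive")
    return [min(mss, app_len - done) for done in range(0, app_len, mss)]


def fragment_ip(payload_len: int, mtu: int) -> list:
    """Network layer: split an IP payload of payload_len bytes into fragments
    that fit mtu. IP does not understand the payload, so only the fragment at
    offset 0 contains the transport header. Fragment offsets are in 8-byte
    units, so every non-final fragment carries a multiple of 8 data bytes."""
    if payload_len <= mtu - IP_HDR:
        # Fits as-is: a single unfragmented packet (MF=0, offset 0).
        return [{"ip_total_len": IP_HDR + payload_len, "frag_offset": 0,
                 "mf": 0, "has_transport_header": True}]
    max_data = (mtu - IP_HDR) // 8 * 8
    if max_data <= 0:
        raise ValueError("MTU too small to carry any fragment")
    fragments = []
    offset = 0
    while offset < payload_len:
        data = min(max_data, payload_len - offset)
        last = offset + data >= payload_len
        fragments.append({
            "ip_total_len": IP_HDR + data,
            "frag_offset": offset // 8,      # value of the IP Fragment Offset field
            "mf": 0 if last else 1,          # More Fragments flag
            "has_transport_header": offset == 0,
        })
        offset += data
    return fragments


def send_udp(app_len: int, mtu: int) -> list:
    """UDP prepends its 8-byte header and hands IP one datagram regardless
    of size; IP fragments it when it does not fit the MTU."""
    return fragment_ip(UDP_HDR + app_len, mtu)


def send_tcp(app_len: int, mss: int, mtu: int) -> list:
    """TCP segments first; each segment is then offered to IP, which leaves
    it alone as long as mss <= mtu - IP_HDR - TCP_HDR."""
    packets = []
    for data in segment_tcp(app_len, mss):
        packets.extend(fragment_ip(TCP_HDR + data, mtu))
    return packets


def summarize(packets: list) -> dict:
    """Counts a practitioner cares about: packets on the wire, how many are
    IP fragments (MF set or offset > 0), and how many carry a transport header
    that a port-based filter could inspect."""
    return {
        "packets": len(packets),
        "ip_fragments": sum(1 for p in packets if p["mf"] or p["frag_offset"]),
        "with_transport_header": sum(1 for p in packets if p["has_transport_header"]),
    }


if __name__ == "__main__":
    # Constructed inputs: a 3000-byte application write over Ethernet (MTU 1500).
    print("TCP:", summarize(send_tcp(3000, 1460, 1500)))
    print("UDP:", summarize(send_udp(3000, 1500)))
    # The NFS case from the Cisco excerpt: an 8500-byte IP datagram on MTU 1500.
    print("NFS:", [f["ip_total_len"] for f in fragment_ip(8500 - IP_HDR, 1500)])
```

The UDP run is the point of the section: three packets leave the host, but only the first one has a UDP header, so any device that needs ports to make a decision sees two packets it cannot classify. The TCP run produces three packets that each carry a full TCP header and never reach IP in a size that needs fragmenting.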

From this one can further understand why TCP needs to exist.



The reason for the difference above is therefore very clear: TCP segments its data and acknowledges each received segment, while UDP does none of this. The following section comes from Cisco, Http://www.cisco.com/en/US/tech/tk827/tk369/technologies_white_paper09186a00800d6979.shtml, and is mainly about the TCP MSS.

Issues with IP fragmentation

There are several issues that make IP fragmentation undesirable. There is a small increase in CPU and memory overhead to fragment an IP datagram. This holds true for the sender as well as for a router in the path between a sender and a receiver. Creating fragments simply involves creating fragment headers and copying the original datagram into the fragments. This can be done fairly efficiently because all the information needed to create the fragments is immediately available.

Fragmentation causes more overhead for the receiver when reassembling the fragments because the receiver must allocate memory for the arriving fragments and coalesce them back into one datagram after all of the fragments are received. Reassembly on a host is not considered a problem because the host has the time and memory resources to devote to this task.

But reassembly is very inefficient on a router whose primary job is to forward packets as quickly as possible. A router is not designed to hold on to packets for any length of time. Also, a router doing reassembly chooses the largest buffer available (18K) with which to work because it has no way of knowing the size of the original IP packet until the last fragment is received.

Another fragmentation issue involves handling dropped fragments. If one fragment of an IP datagram is dropped, then the entire original IP datagram must be resent, and it will also be fragmented. You see an example of this with Network File System (NFS). NFS, by default, has a read and write block size of 8192, so an NFS IP/UDP datagram will be approximately 8500 bytes (including NFS, UDP, and IP headers). A sending station connected to an Ethernet (MTU 1500) will have to fragment the 8500 byte datagram into six pieces: five 1500 byte fragments and one 1100 byte fragment. If any of the six fragments is dropped because of a congested link, the complete original datagram will have to be retransmitted, which means that six more fragments will have to be created. If this link drops one in six packets, then the odds are low that any NFS data can be transferred over this link, since at least one IP fragment would be dropped from each NFS 8500 byte original IP datagram.

Firewalls that filter or manipulate packets based on Layer 4 (L4) through Layer 7 (L7) information in the packet may have trouble processing IP fragments correctly. If the IP fragments are out of order, a firewall may block the non-initial fragments because they do not carry the information that would match the packet filter. This would mean that the original IP datagram could not be reassembled by the receiving host. If the firewall is configured to allow non-initial fragments with insufficient information to properly match the filter, then a non-initial fragment attack through the firewall could occur. Also, some network devices (such as Content Switch Engines) direct packets based on L4 through L7 information, and if a packet spans multiple fragments, then the device may have trouble enforcing its policies.

Avoiding IP fragmentation: what TCP MSS does and how it works

The TCP Maximum Segment Size (MSS) defines the maximum amount of data that a host is willing to accept in a single TCP/IP datagram. This TCP/IP datagram may be fragmented at the IP layer. The MSS value is sent as a TCP header option only in TCP SYN segments. Each side of a TCP connection reports its MSS value to the other side. Contrary to popular belief, the MSS value is not negotiated between hosts. The sending host is required to limit the size of data in a single TCP segment to a value less than or equal to the MSS reported by the receiving host.

Originally, MSS meant how big a buffer (greater than or equal to 65496K) was allocated on a receiving station to be able to store the TCP data contained within a single IP datagram. MSS was the maximum segment (chunk) of data that the TCP receiver was willing to accept. This TCP segment could be as large as 64K (the maximum IP datagram size) and it could be fragmented at the IP layer in order to be transmitted across the network to the receiving host. The receiving host would reassemble the IP datagram before it handed the complete TCP segment to the TCP layer.

Below are a couple of scenarios showing how MSS values are set and used to limit TCP segment sizes, and therefore IP datagram sizes.

Scenario 1 illustrates the way MSS was first implemented. Host A has a buffer of 16K and Host B a buffer of 8K. They send and receive their MSS values and adjust their send MSS for sending data to each other. Notice that Host A and Host B would have to fragment the IP datagrams that are larger than the interface MTU but still less than the send MSS, because the TCP stack could pass 16K or 8K bytes of data down the stack to IP. In Host B's case, packets could be fragmented twice, once to get onto the Token Ring LAN and again to get onto the Ethernet LAN.
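How the MSS option is carried and applied, as an added example that is not code from the Cisco paper: the option is kind 2, length 4, followed by a 16-bit value, and it appears only in SYN segments. The block parses a TCP options block, reads the advertised MSS (falling back to 536 when the option is absent, as RFC 1122 specifies), computes a sender's effective MSS as the smaller of the peer's advertisement and what the local MTU can carry without IP fragmentation, and shows the router-side fix usually called MSS clamping, which rewrites the option in a transiting SYN. The options blob and the 4464-byte Token Ring MTU used below are constructed sample values; the buffer sizes (16K and 8K) are the ones from Scenario 1.

```python
import struct

# Added example, not from the Cisco paper. Option-less header sizes.
IP_HDR = 20
TCP_HDR = 20
MSS_KIND = 2           # TCP option kind for Maximum Segment Size
DEFAULT_MSS = 536      # RFC 1122: assume 536 if no MSS option is received


def mss_for_mtu(mtu: int) -> int:
    """Largest TCP payload that fits an MTU without IP fragmentation."""
    return mtu - IP_HDR - TCP_HDR


def encode_mss_option(mss: int) -> bytes:
    """Kind 2, length 4, 16-bit value, network byte order."""
    return struct.pack("!BBH", MSS_KIND, 4, mss)


def parse_tcp_options(options: bytes) -> dict:
    """Walk a TCP options block and return {kind: value_bytes}.
    Kind 0 ends the list, kind 1 is a single-byte NOP, everything else is
    kind, length, value. Malformed lengths raise rather than being guessed."""
    result = {}
    i = 0
    while i < len(options):
        kind = options[i]
        if kind == 0:
            break
        if kind == 1:
            i += 1
            continue
        if i + 1 >= len(options):
            raise ValueError("truncated option header")
        length = options[i + 1]
        if length < 2 or i + length > len(options):
            raise ValueError("bad option length")
        result[kind] = options[i + 2:i + length]
        i += length
    return result


def advertised_mss(options: bytes) -> int:
    """MSS the peer announced in its SYN, or the RFC 1122 default."""
    value = parse_tcp_options(options).get(MSS_KIND)
    if value is None:
        return DEFAULT_MSS
    if len(value) != 2:
        raise ValueError("MSS option must carry a 16-bit value")
    return struct.unpack("!H", value)[0]


def effective_send_mss(peer_options: bytes, local_mtu: int) -> int:
    """A sender must not exceed the peer's advertised MSS, and a modern stack
    also caps its segments at what its own outgoing MTU carries unfragmented.
    This is the difference from the original (buffer-size) meaning of MSS."""
    return min(advertised_mss(peer_options), mss_for_mtu(local_mtu))


def clamp_mss_option(options: bytes, link_mtu: int) -> bytes:
    """Router-side MSS clamping: rewrite the MSS option in a transiting SYN so
    that no segment will exceed link_mtu once IP and TCP headers are added.
    Other options are left untouched. A real device must also recompute the
    TCP checksum after the rewrite, which is outside this example."""
    parse_tcp_options(options)           # reject malformed input first
    limit = mss_for_mtu(link_mtu)
    out = bytearray(options)
    i = 0
    while i < len(out):
        kind = out[i]
        if kind == 0:
            break
        if kind == 1:
            i += 1
            continue
        length = out[i + 1]
        if kind == MSS_KIND and length == 4:
            current = struct.unpack("!H", out[i + 2:i + 4])[0]
            struct.pack_into("!H", out, i + 2, min(current, limit))
        i += length
    return bytes(out)


if __name__ == "__main__":
    # Constructed SYN options: MSS 8192 (Host B's 8K buffer), two NOPs, window scale 7.
    syn_b = encode_mss_option(8192) + b"\x01\x01" + b"\x03\x03\x07"
    print("B advertises:", advertised_mss(syn_b))
    print("A's send MSS onto Token Ring (assumed MTU 4464):", effective_send_mss(syn_b, 4464))
    print("after clamping at an Ethernet link:", advertised_mss(clamp_mss_option(syn_b, 1500)))
```

With the original buffer-based meaning, Host A would take B's 8192 at face value and hand 8K segments to IP, which is exactly the double fragmentation the scenario describes; capping the send MSS at the local MTU, or clamping the SYN at the router in front of the smaller link, keeps every segment inside the MTU so IP never has to fragment.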

An example of an MTU calculation with TCP:

A Packet Fragmentation Example

If a 2,366 byte TCP packet enters an Ethernet network with the default MTU size, it must be fragmented into two packets.

The first packet would:
Be 1,500 bytes in length. The IP header and the TCP header would take the remaining bytes, and 1,456 bytes would be data.
Have the DF bit equal to 0 to mean "may fragment" and the MF bit equal to 1 to mean "more fragments."
Have a fragmentation offset of 0.

The second packet would:
Be 910 bytes in length. The IP header and the TCP header would take the remaining bytes, and 866 bytes would be data.
Have the DF bit equal to 0 to mean "may fragment" and the MF bit equal to 0 to mean "last fragment."
Have a fragmentation offset of 182 (note: 182 is 1456 divided by 8).

The Packet Fragmentation Attack

Packet fragmentation can be used to get around the blocking rules on some firewalls.

This is done by cheating with the value of the Fragment Offset. The trick is to set the Fragment Offset on the second packet so low that, instead of appending the second packet to the first packet, it actually overwrites the data and part of the TCP header of the first packet.

Let's say you want to telnet into a network where the telnet TCP port is blocked by a packet-filtering firewall, but the SMTP port is allowed into that network.

What you would do is send two packets:

The first packet would:
Have a fragmentation offset of 0.
Have the DF bit equal to 0 to mean "may fragment" and the MF bit equal to 1 to mean "more fragments."
Have a destination port in the TCP header of 25. This TCP port is allowed, so the firewall would allow this packet to enter the network.

The second packet would:
Have a fragmentation offset of 1. This means that the second packet would actually overwrite everything but the first 8 bits of the first packet.
Have the DF bit equal to 0 to mean "may fragment" and the MF bit equal to 0 to mean "last fragment."
Have a destination port in the TCP header of 23. This would normally be blocked, but it will not be in this case!

The packet-filtering firewall will see that the Fragment Offset is greater than zero on the second packet. From this it would deduce that the second packet is a fragment of another packet, and it would not check the second packet against the rule set.

When the two packets arrive at the target host, they will be reassembled. The second packet will overwrite most of the first packet, and the contents of the combined packet will go to port 23.
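The check a filtering device needs against the overlapping-fragment trick described above, as an added defensive example that is not from the original text. It applies the two rules from RFC 1858 (which the article does not cite): an initial TCP fragment must carry the whole transport header, otherwise the port and flags cannot be inspected, and a fragment with offset 1 is never produced by legitimate fragmentation because it would overwrite the port fields on reassembly. A third function flags any fragment whose byte range overlaps an earlier one, which a reassembling host or stateful firewall can use to discard the whole datagram. Fragments are constructed inline as small dictionaries rather than parsed from the wire.

```python
import struct

# Added defensive example, not part of the original text. Fragment fields:
#   offset  IP Fragment Offset in 8-byte units
#   mf      More Fragments flag
#   proto   IP protocol number (6 = TCP)
#   payload bytes that follow the IP header
TCP = 6
TCP_MIN_HDR = 20   # smallest TCP header; ports, seq, ack, flags all live here


def tcp_dst_port(frag: dict):
    """Destination port, readable only from an initial fragment that carries
    at least the first four bytes of the TCP header; None otherwise. This is
    why a port-based filter cannot classify non-initial fragments."""
    if frag["proto"] != TCP or frag["offset"] != 0 or len(frag["payload"]) < 4:
        return None
    return struct.unpack("!HH", frag["payload"][:4])[1]


def check_fragment(frag: dict) -> tuple:
    """Stateless RFC 1858 checks for one fragment: (accept, reason)."""
    if frag["proto"] != TCP:
        return True, "not TCP"
    if frag["offset"] == 0 and len(frag["payload"]) < TCP_MIN_HDR:
        return False, "tiny initial fragment"
    if frag["offset"] == 1:
        return False, "fragment offset 1 overlaps TCP header"
    return True, "ok"


def find_overlaps(frags: list) -> list:
    """Reassembly-time check: legitimate fragments tile the datagram without
    overlapping. Returns (offset, (start, end)) for each fragment that lands
    on a byte range already covered by an earlier fragment."""
    seen = []
    overlaps = []
    for f in sorted(frags, key=lambda f: f["offset"]):
        start = f["offset"] * 8
        end = start + len(f["payload"])
        for s, e in seen:
            if start < e and s < end:
                overlaps.append((f["offset"], (s, e)))
                break
        seen.append((start, end))
    return overlaps


def filter_fragments(frags: list) -> list:
    """Fragments that pass the stateless checks and do not overlap any
    earlier fragment of the same datagram."""
    bad_offsets = {offset for offset, _ in find_overlaps(frags)}
    return [f for f in frags
            if check_fragment(f)[0] and f["offset"] not in bad_offsets]


def constructed_samples() -> tuple:
    """Two constructed datagrams: the shape from the text (an initial fragment
    to port 25 followed by an offset-1 fragment) and a benign 1580-byte
    payload split at an Ethernet MTU."""
    header_to_25 = struct.pack("!HH", 1025, 25) + bytes(16)   # 20-byte TCP header
    overlapping = [
        {"offset": 0, "mf": 1, "proto": TCP, "payload": header_to_25 + bytes(8)},
        {"offset": 1, "mf": 0, "proto": TCP, "payload": bytes(16)},
    ]
    benign = [
        {"offset": 0, "mf": 1, "proto": TCP, "payload": bytes(1480)},
        {"offset": 185, "mf": 0, "proto": TCP, "payload": bytes(100)},
    ]
    return overlapping, benign


if __name__ == "__main__":
    overlapping, benign = constructed_samples()
    for name, frags in (("overlapping", overlapping), ("benign", benign)):
        print(name, [check_fragment(f) for f in frags], find_overlaps(frags))
```

Dropping offset-1 fragments costs nothing in practice, because no sender fragments a TCP segment eight bytes into its header; the tiny-fragment rule is the one to watch, since it must be tuned to the smallest initial fragment the protected hosts actually emit.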

--------------------

To be aware of:

The above mainly describes the processing on the sending host. When the IP datagram reaches a router, the router decapsulates and re-encapsulates it before sending it on, but the router is responsible only for the network layer, so it does not distinguish between UDP and TCP. If it encounters a smaller MTU, it splits the received IP payload (excluding the IP header) and gives each fragment its own IP header, regardless of what the payload carries.

If the data the host sent was TCP, it is obvious that the IP header of each IP fragment is followed by a TCP header (this is not something the router copied; it comes from the host's MSS segmentation at the transport layer). If the data the host sent was UDP, only the first IP fragment's IP header is followed by a UDP header (because the host does the fragmentation at the network layer).

TCP --- the host operates at the transport layer using the MSS, and each fragment has a TCP header.

UDP --- the host operates at the network layer, and only the first fragment has a UDP header.

Router --- regardless of the upper-layer protocol (TCP or UDP), it always operates at the network layer.
