Re: would an datagram/packet get shorter?

From: Tauno Voipio (
Date: 04/03/04

Date: Sat, 03 Apr 2004 09:21:20 GMT

Kenji Chan wrote:
>>A packet could get fragmented into two packets by a router.
>>Is that what you're asking about?
> no, not really. I assumed that the DF(don't fragment bit) is set, so forget
> about IP fragment
> I want to ask that, is that possible for an IP packet get shorter
> // for example
> sender sends 100 bytes
> would the receiver receive less or maybe more than 100 bytes?

The length of a non-broken IP packet is exactly what is written
in the IP header length field. The IP layer is responsible to
silently discard a packet arriving from the data link layer
with a length of less than the indicated length or a packet
with a mis-matching checksum.

It is possible that the data link layer transfers more than
the indicated IP packet length due to minimum packet length
restrictions on e.g. Ethernet. The extra padding bytes after
the IP packet are just ignored.

Most data links verify the integrity of the packet transferred
with e.g. CRC, but for example the SLIP data link does not
check the integrity of the packet in any way. In a serial
line it is possible to drop or corrupt any bytes in the


Tauno Voipio
tauno voipio @ iki fi

Relevant Pages

  • Re: [Full-Disclosure] A new TCP/IP blind data injection technique?
    ... For example the BorderWare Firewall will not accept fragmented packets, ... Then pass or drop the packet. ... > should be fairly easy to turn this into a practical attack. ... The other fragment of Bob's packet carry the ...
  • Re: [newbie] trying socket as a replacement for nc
    ... Path MTU isn't large enough for an original packet? ... You're conflating IP datagrams and Ethernet packets. ... fragment an IP datagram into multiple Ethernet packets which are then ... and reassemble internet datagrams when necessary for transmission ...
  • Re: sshd hangs after SSH2_MSG_KEXINIT sent - Fedora Core 5 update
    ... For each network interface on both client and server set the MTU to 576, ... Only the first fragment has TCP port numbers. ... such devices should perform packet reassembly first so as to properly consider fragmented packets. ...
  • Re: [Full-Disclosure] A new TCP/IP blind data injection technique?
    ... >data payload and within an established session, ... >Bob's packet exceeds the MTU somewhere en route (be it on some WAN ... fragment at the place you mention. ... All in all, an interesting attack vector, but I'm not sure how practical ...
  • [OT] TCP/IP help needed: MTU Discovery
    ... too-large packet with the "Don't Fragment" bit set to zero? ... I'm having a problem with SMTP where the client starts off sending small ... An ICMP message is sent back indicating this, ...