04-26-2023 03:26 AM
Hi,
I need to decrease the number of fragments from the default 24 to 1 on some ASA interfaces. The show fragment command shows there are fragments coming to that interface. How can I find the source of the fragments? Can I capture packets using the IP packet offset, or somehow generate a log for fragmented packets? I need to find the source before decreasing the acceptable number of fragments on the interface.
br
04-26-2023 03:28 AM - edited 04-26-2023 03:28 AM
You could set up a packet capture on that interface and let it run a little and then open it up in Wireshark or similar and analyse the packets there for fragmentation.
04-26-2023 03:29 AM
This is a last resort I'd like to avoid because of the amount of traffic.
04-26-2023 03:35 AM
Then you could send traffic to a syslog server and filter there for PMTU exceeded or something like that. As far as I know there are no show commands that will give you the source IP of a fragmented packet.
04-26-2023 03:51 AM - edited 04-26-2023 03:52 AM
You are right, but with capture you can use match host.
But which host do I select? You can select the server, since the server can send large packets.
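Added example, not part of any post in this thread: once a capture has been exported from the interface, a short script can list which source/destination pairs are sending fragments without paging through it in Wireshark. It assumes a classic pcap file with Ethernet framing; the function names and the sample addresses (documentation ranges) are constructed for illustration.

```python
import struct
from collections import Counter

def fragment_sources(pcap: bytes) -> Counter:
    """Count IPv4 fragments per (source, destination) in a classic Ethernet pcap."""
    if pcap[:4] == b"\xd4\xc3\xb2\xa1":
        end = "<"                      # little-endian capture file
    elif pcap[:4] == b"\xa1\xb2\xc3\xd4":
        end = ">"                      # big-endian capture file
    else:
        raise ValueError("not a classic pcap file")
    if struct.unpack(end + "I", pcap[20:24])[0] != 1:
        raise ValueError("only Ethernet (link type 1) is handled")
    counts, pos = Counter(), 24
    while pos + 16 <= len(pcap):
        incl_len = struct.unpack(end + "I", pcap[pos + 8:pos + 12])[0]
        frame = pcap[pos + 16:pos + 16 + incl_len]
        pos += 16 + incl_len
        if len(frame) < 14:
            continue
        ip, ethertype = 14, frame[12:14]
        if ethertype == b"\x81\x00":   # skip one 802.1Q VLAN tag
            ip, ethertype = 18, frame[16:18]
        if ethertype != b"\x08\x00" or len(frame) < ip + 20:
            continue                   # not IPv4, or truncated header
        flags_frag = struct.unpack("!H", frame[ip + 6:ip + 8])[0]
        # A fragment has More Fragments (0x2000) set or a non-zero offset.
        if flags_frag & 0x2000 or flags_frag & 0x1FFF:
            src = ".".join(map(str, frame[ip + 12:ip + 16]))
            dst = ".".join(map(str, frame[ip + 16:ip + 20]))
            counts[(src, dst)] += 1
    return counts

def sample_pcap() -> bytes:
    """Constructed capture: four frames, three of them fragments."""
    def frame(src, dst, flags_frag):
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 1, flags_frag,
                         64, 17, 0, bytes(src), bytes(dst))
        return b"\x00" * 12 + b"\x08\x00" + ip
    server = (198, 51, 100, 5)
    frames = [frame((192, 0, 2, 10), server, 0x2000),   # first fragment
              frame((192, 0, 2, 10), server, 0x00B9),   # last fragment
              frame((192, 0, 2, 20), server, 0x4000),   # DF set, whole packet
              frame((203, 0, 113, 7), server, 0x2000)]  # first fragment
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return header + b"".join(
        struct.pack("<IIII", 0, 0, len(f), len(f)) + f for f in frames)

if __name__ == "__main__":
    for (src, dst), n in fragment_sources(sample_pcap()).most_common():
        print(f"{src} -> {dst}: {n} fragment(s)")
```

Only the IP header of each frame is read, so a capture taken with a small per-packet snap length is enough for this tally.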