Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1010
Views
1
Helpful
4
Replies

asa find source of fragmentation

DraganSkundric87318
Level 1
Level 1

‎04-26-2023 03:26 AM

hi,

I need to decrease number of fragments from default 24 to 1 one some ASA interfaces. show fragment command shows there are fragments comeing to that interface. How can I find source of fragments? Can I capture packets usimg ip packet offset or somehow generate log for fragmented packets? I need to find source before decreasing acceptable number of fragments on interface.

br

4 Replies 4

Marius Gunnerud
VIP
VIP

‎04-26-2023 03:28 AM - edited ‎04-26-2023 03:28 AM

You could set up a packet capture on that interface and let it run a little and then open it up in Wireshark or similar and analyse the packets there for fragmentation.

--
Please remember to select a correct answer and rate helpful posts
0 Helpful

DraganSkundric87318
Level 1
Level 1
In response to Marius Gunnerud

‎04-26-2023 03:29 AM

this is last resort I'd like to avoid because of amount of traffic

0 Helpful

Marius Gunnerud
VIP
VIP
In response to DraganSkundric87318

‎04-26-2023 03:35 AM

Then you could send traffic to a syslog server and filter there for PMTU exceeded or something like that.  As far as I know there are no show commands that will give you the source IP of a fragmented packet.

--
Please remember to select a correct answer and rate helpful posts
0 Helpful

MHM Cisco World
VIP
VIP
In response to DraganSkundric87318

‎04-26-2023 03:51 AM - edited ‎04-26-2023 03:52 AM

You are right,  But with capture you can use match host. 

But which host I select? You can select the server, since server can send large packet. 

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card