asa find source of fragmentation
04-26-2023 03:26 AM
Hi,
I need to decrease the number of fragments from the default 24 to 1 on some ASA interfaces. The show fragment command shows there are fragments coming to that interface. How can I find the source of the fragments? Can I capture packets using the IP packet offset or somehow generate a log for fragmented packets? I need to find the source before decreasing the acceptable number of fragments on the interface.
br
04-26-2023 03:28 AM - edited 04-26-2023 03:28 AM
You could set up a packet capture on that interface and let it run a little and then open it up in Wireshark or similar and analyse the packets there for fragmentation.
Please remember to select a correct answer and rate helpful posts
04-26-2023 03:29 AM
This is a last resort I'd like to avoid because of the amount of traffic.
04-26-2023 03:35 AM
Then you could send traffic to a syslog server and filter there for PMTU exceeded or something like that. As far as I know there are no show commands that will give you the source IP of a fragmented packet.
04-26-2023 03:51 AM - edited 04-26-2023 03:52 AM
You are right, but with capture you can use match host.
But which host do I select? You can select the server, since the server can send large packets.
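The offline analysis suggested in the thread (capture on the interface, then look for fragments), as an added example that is not part of any post: Python that tallies IPv4 fragments per source/destination pair from a capture file. It assumes the capture was exported in classic pcap format with Ethernet framing; the function name and the sample addresses are constructed for illustration.

```python
import struct
from collections import Counter
from ipaddress import IPv4Address

def fragment_sources(pcap: bytes) -> Counter:
    """Count IPv4 fragments per (src, dst) in a classic pcap with Ethernet framing."""
    if pcap[:4] == b"\xd4\xc3\xb2\xa1":
        endian = "<"
    elif pcap[:4] == b"\xa1\xb2\xc3\xd4":
        endian = ">"
    else:
        raise ValueError("not a classic pcap file (pcapng is not handled)")
    if struct.unpack(endian + "I", pcap[20:24])[0] != 1:
        raise ValueError("only Ethernet (link type 1) is handled")
    counts, pos = Counter(), 24
    while pos + 16 <= len(pcap):
        # Record header: ts_sec, ts_usec, incl_len, orig_len (4 bytes each)
        incl_len = struct.unpack(endian + "I", pcap[pos + 8:pos + 12])[0]
        frame = pcap[pos + 16:pos + 16 + incl_len]
        pos += 16 + incl_len
        off = 18 if frame[12:14] == b"\x81\x00" else 14  # skip one 802.1Q tag
        if len(frame) < off + 20 or frame[off - 2:off] != b"\x08\x00":
            continue  # not IPv4, or truncated before the end of the IP header
        flags_frag = struct.unpack("!H", frame[off + 6:off + 8])[0]
        more_fragments = flags_frag & 0x2000   # MF bit
        frag_offset = flags_frag & 0x1FFF      # offset in 8-byte units
        # A packet is a fragment if MF is set (first/middle) or offset != 0 (last)
        if more_fragments or frag_offset:
            src = str(IPv4Address(frame[off + 12:off + 16]))
            dst = str(IPv4Address(frame[off + 16:off + 20]))
            counts[(src, dst)] += 1
    return counts

# Constructed sample capture (documentation addresses, header-only packets)
def _frame(src: str, dst: str, flags_frag: int) -> bytes:
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 1, flags_frag, 64, 17, 0,
                     IPv4Address(src).packed, IPv4Address(dst).packed)
    data = b"\x00" * 12 + b"\x08\x00" + ip
    return struct.pack("<IIII", 0, 0, len(data), len(data)) + data

SAMPLE = (struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
          + _frame("192.0.2.10", "198.51.100.5", 0x2000)   # first fragment, MF set
          + _frame("192.0.2.10", "198.51.100.5", 0x00B9)   # last fragment, offset 185
          + _frame("192.0.2.20", "198.51.100.5", 0x4000))  # DF set, not a fragment

if __name__ == "__main__":
    for (src, dst), n in fragment_sources(SAMPLE).most_common():
        print(f"{src} -> {dst}: {n} fragments")
```

Because only the 16-byte record header and the first bytes of each frame are read, a capture taken with a small per-packet length still gives the same tally.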
