I need to decrease number of fragments from default 24 to 1 one some ASA interfaces. show fragment command shows there are fragments comeing to that interface. How can I find source of fragments? Can I capture packets usimg ip packet offset or somehow generate log for fragmented packets? I need to find source before decreasing acceptable number of fragments on interface.
You could set up a packet capture on that interface and let it run a little and then open it up in Wireshark or similar and analyse the packets there for fragmentation.
-- Please remember to select a correct answer and rate helpful posts
Then you could send traffic to a syslog server and filter there for PMTU exceeded or something like that. As far as I know there are no show commands that will give you the source IP of a fragmented packet.
-- Please remember to select a correct answer and rate helpful posts
