
IP Fragments Header

Hello all


I found the statement below on the Cisco website, saying that only non-fragment and initial fragment packets contain the Layer 4 header, and non-initial fragments do not contain it.

"Non-initial fragments are traditionally allowed through the ACL because they can be blocked based on Layer 3 information in the packets; however, because these packets do not contain Layer 4 information, they do not match the Layer 4 information in the ACL entry, if it exists."


But as per my lab test, only the non-fragment and the final fragment contain the Layer 4 header, not the initial one!

I have attached a packet capture below. Can anyone explain, please?

IP Frag.JPG




Hall of Fame Expert

Re: IP Fragments Header

Hello Siva,

You are using a small server / service called ECHO on TCP port 7.


See the following thread from the Learning Network for additional info.


In fact, the last packet is recognized as ECHO in the packet capture.


The ECHO service is described here in the following RFC



TCP Based Echo Service

   One echo service is defined as a connection based application on TCP.
   A server listens for TCP connections on TCP port 7.  Once a
   connection is established any data received is sent back.  This
   continues until the calling user terminates the connection.


My guess is that what you see is application specific, because this ECHO service sends back the received traffic in reverse order with the objective of providing a way to measure RTT (Round Trip Time), that is, two-way delay.



This protocol on UDP port 7 is actually used for Wake on LAN.


So I would suggest that you set up an FTP server, for example, and repeat your tests with a conventional application like FTP.

The results of the new tests should show that the Layer 4 information is contained in the first fragment and not in the last one, as I have always seen in my packet captures.

In other words you have found an exception to the general rule, given the peculiar nature of the ECHO service.


>> I hope your switching exam has been successful.


Hope to help




Re: IP Fragments Header

Hi @Giuseppe Larosa 


Thank you for the reply,

Let me do the test with another protocol, as you said.


I'm glad you remember me!

With your helping hands I successfully completed my switch exam.







Re: IP Fragments Header

Hello @Giuseppe Larosa 


I have captured TCP fragments; below are the packet details.

tcp fregments.JPG


But I could only see all the collected fragments. Could you help me find any other way to see the TCP header only in the first fragment?
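
Added example (not part of any post in this thread, and not Cisco code): a Python classifier that reads the More Fragments flag and fragment offset from raw IPv4 packets and extracts TCP/UDP ports only where the offset is 0, which is the rule the quoted Cisco statement describes. The packets are constructed samples; the function names, addresses and ports are assumptions.

```python
import struct

def classify_fragment(packet: bytes) -> dict:
    """Classify one raw IPv4 packet by its MF flag and fragment offset."""
    ver_ihl, _tos, _len, ident, flags_frag, _ttl, proto = struct.unpack(
        "!BBHHHBB", packet[:10])
    ihl = (ver_ihl & 0x0F) * 4               # IP header length in bytes
    more = bool(flags_frag & 0x2000)         # More Fragments (MF) flag
    offset = (flags_frag & 0x1FFF) * 8       # fragment offset, 8-byte units
    if offset == 0:
        kind = "initial" if more else "non-fragment"
    else:
        kind = "middle" if more else "final"
    ports = None
    # The L4 header starts at byte 0 of the original datagram payload, so
    # ports are readable only at offset 0. At any other offset the same
    # four bytes are application data and must not be treated as ports.
    if offset == 0 and proto in (6, 17) and len(packet) >= ihl + 4:
        ports = struct.unpack("!HH", packet[ihl:ihl + 4])
    return {"id": ident, "kind": kind, "offset": offset, "ports": ports}

def build_ipv4(ident, more, offset, payload, proto=6):
    """Constructed sample packet: checksum 0, RFC 5737 documentation addresses."""
    flags_frag = (0x2000 if more else 0) | (offset // 8)
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), ident,
                         flags_frag, 64, proto, 0,
                         bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]))
    return header + payload

def sample_fragments(mtu_payload=1480):
    """Constructed 3000-byte TCP segment (port 49152 -> 21) split into fragments."""
    tcp = struct.pack("!HHIIBBHHH", 49152, 21, 0, 0, 0x50, 0x18, 65535, 0, 0)
    tcp += b"A" * 2980
    return [build_ipv4(0x1234, off + mtu_payload < len(tcp), off,
                       tcp[off:off + mtu_payload])
            for off in range(0, len(tcp), mtu_payload)]

if __name__ == "__main__":
    for frag in sample_fragments():
        print(classify_fragment(frag))
```

In Wireshark the same test is the display filter `ip.flags.mf == 1 && ip.frag_offset == 0`; with the IPv4 preference "Reassemble fragmented IPv4 datagrams" enabled, the upper-layer dissection is shown on the frame that completes reassembly.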



