Fragmentation

What is IPv4 Fragmentation?

IPv4 Fragmentation is the process of breaking a large IP packet into smaller pieces (fragments) so it can pass through networks with smaller Maximum Transmission Units (MTUs). Each fragment is sent separately and reassembled at the destination.

Why is IPv4 Fragmentation useful?

It’s useful when packets exceed the MTU of a network segment. Without fragmentation, oversized packets would be dropped. Fragmentation ensures that large packets can still traverse networks with varying MTU sizes.

How does IPv4 Fragmentation work?

A router or sending host splits the packet into fragments. Each fragment has its own IPv4 header, including fields like Identification, Fragment Offset, and More Fragments (MF) flag. The receiver uses these fields to reassemble the original packet.

Where is IPv4 Fragmentation used?

Fragmentation is used whenever a packet’s size exceeds the MTU of a link. This may happen in WAN connections, older networks, or tunnels. It’s handled by routers or sending hosts, depending on the configuration.

Which OSI layer does IPv4 Fragmentation belong to?

IPv4 Fragmentation is a function of the Network Layer (Layer 3). It operates as part of the IP protocol, enabling reliable delivery of data across different types of networks.

Is IPv4 Fragmentation Windows specific?

No, IPv4 Fragmentation is part of the core IP protocol and is supported on all major operating systems, including Windows. Fragmentation can be influenced by system settings but is not platform-specific.

Is IPv4 Fragmentation Linux specific?

No. Linux supports IPv4 Fragmentation like any OS with a networking stack. Linux also provides tools to observe or manipulate fragmentation behavior (e.g., ping -M do, ip, iptables).

Which Transport Protocol is used by IPv4 Fragmentation?

IPv4 Fragmentation is transport-independent. It fragments any IP packet, regardless of whether it carries TCP, UDP, ICMP, or other Layer 4 protocols.

Which Port is used by IPv4 Fragmentation?

Fragmentation occurs at the network layer and does not involve ports. Port numbers belong to the transport layer (TCP/UDP), and fragmentation occurs before port-specific data is processed.

Is IPv4 Fragmentation using client-server model?

No. Fragmentation is independent of application architecture. It may occur in client-server, peer-to-peer, or any IP-based communication where packet size exceeds the path MTU.

What happens when an IPv4 packet is too large to transmit?

When an IPv4 packet exceeds the Maximum Transmission Unit (MTU) of a network link, it is fragmented into smaller packets. These smaller packets are then transmitted separately and reassembled at the destination.

What is the Maximum Transmission Unit (MTU)?

MTU refers to the largest size of a packet that can be transmitted over a particular network without being fragmented. Different network types and devices may have different MTU sizes.

What is the “More Fragments” (MF) flag in IPv4 Fragmentation?

The “More Fragments” (MF) flag is a bit in the IPv4 header that indicates whether a packet is fragmented. If set, it means that more fragments follow; if not set, it means this is the last fragment.

What is the role of the Identification field in IPv4 Fragmentation?

The Identification field is used to uniquely identify fragments belonging to the same original packet. This helps the destination system to reassemble the fragments correctly.

How does the Fragment Offset field work in IPv4 Fragmentation?

The Fragment Offset field in the IPv4 header tells the receiving system where to place the fragment in the reassembled packet. It specifies the position of the fragment in the original packet.

What is the role of the TTL (Time to Live) in IPv4 Fragmentation?

The TTL field in an IPv4 packet helps prevent the packet from looping indefinitely if there is a routing error. It is decremented by each router, and if it reaches zero, the packet is discarded.

What happens if an IPv4 fragment is lost?

If any fragment of an IPv4 packet is lost during transmission, the entire packet must be retransmitted, because the receiver cannot reassemble it without all fragments.

Can IPv4 fragmentation occur on all network types?

No, some networks like Ethernet typically handle fragmentation, but others, such as PPPoE, may not allow fragmentation. If a packet is too large for such networks, it may be dropped.

What is the MTU size of Ethernet?

The standard MTU for Ethernet is 1500 bytes, which means any IP packet larger than 1500 bytes will require fragmentation to pass through Ethernet networks.

What is the impact of fragmentation on network performance?

Fragmentation can reduce network performance because it adds overhead. Every fragmented packet requires additional headers, and fragmented packets may encounter more routing delays and packet loss.

How can IPv4 fragmentation affect applications?

Fragmentation can cause performance issues in applications that depend on low latency or high throughput, as it increases overhead and the likelihood of packet reordering or loss.

Does IPv4 fragmentation impact security?

Yes, fragmentation can impact security by allowing attackers to bypass network security measures like firewalls and intrusion detection systems. This is because fragments might evade inspection, making packet analysis harder.

What happens when an IPv4 packet is fragmented beyond the network’s MTU?

If a packet exceeds the network’s MTU and cannot be fragmented, it will be dropped. The sender will typically receive an ICMP “Fragmentation Needed” message so it can resend the packet with a smaller size.

What is Path MTU Discovery (PMTUD)?

Path MTU Discovery is a technique used to determine the MTU of the entire path between the source and destination. This prevents fragmentation by ensuring packets are sent at the correct size to avoid exceeding MTU limits.

What is an IPv4 Fragment Reassembly Time?

The Fragment Reassembly Time refers to the time allowed for fragments to be reassembled. If the fragments are not reassembled within the allowed time, the original packet is discarded.

Can an IPv4 packet be reassembled at any router?

No, only the destination host is responsible for reassembling IPv4 fragments. Intermediate routers only forward fragments to the next hop.

What is the role of the IPv4 Header Checksum in fragmentation?

The IPv4 Header Checksum ensures that the header data of each fragment is not corrupted. Each fragment’s header is independently verified to ensure it is intact.

How do firewalls handle fragmented IPv4 packets?

Firewalls generally inspect the first fragment of a packet to determine if it is allowed based on rules. Subsequent fragments may be examined depending on the firewall’s configuration, but some firewalls drop fragmented packets by default to prevent potential security risks.

Is IPv4 fragmentation necessary in modern networks?

Fragmentation is becoming less necessary in modern networks with higher MTU sizes and better optimization techniques, such as Path MTU Discovery. However, it is still used when packets exceed network limitations.

Topics in this section,

  • In this section, you are going to learn

  • Terminology

  • Version Info

Objective

Demonstrate that a large IPv4 packet can be fragmented to pass through a network with a smaller Maximum Transmission Unit (MTU).

Test Setup

  • Laptop 1 (Server)

    • Configure the network interface enp0s8 with an IPv4 address.

    • Set the MTU of the interface to a smaller value (e.g., 1300 bytes) to create a bottleneck.

    test:~$ sudo ip addr add 192.168.1.10/24 dev enp0s8
test:~$ sudo ip link set enp0s8 up
test:~$ sudo ip link set dev enp0s8 mtu 1300
test:~$ ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
   link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
   inet 127.0.0.1/8 scope host lo
      valid_lft forever preferred_lft forever
   inet6 ::1/128 scope host noprefixroute
      valid_lft forever preferred_lft forever
2: enp0s3: <BROADCAST,MULTICAST> mtu 1500 qdisc fq_codel state DOWN group default qlen 1000
   link/ether 08:00:27:59:c3:5d brd ff:ff:ff:ff:ff:ff
3: enp0s8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1300 qdisc fq_codel state UP group default qlen 1000
   link/ether 08:00:27:75:59:bf brd ff:ff:ff:ff:ff:ff
   inet 192.168.1.10/24 scope global enp0s8
      valid_lft forever preferred_lft forever

    Note

    Setting a lower MTU simulates network links with smaller packet size limits.

  • Laptop 2 (Client)

    • Configure the network interface enp0s8 with an IPv4 address.

    • Send a single ping packet larger than Laptop 1’s MTU to force fragmentation.

    test:~$ sudo ip addr add 192.168.1.20/24 dev enp0s8
test:~$ sudo ip link set enp0s8 up
test:~$ ping 192.168.1.10 -s 1400 -c 1
PING 192.168.1.10 (192.168.1.10) 1400(1428) bytes of data.
1408 bytes from 192.168.1.10: icmp_seq=1 ttl=64 time=1.56 ms
--- 192.168.1.10 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 1.562/1.562/1.562/0.000 ms

    Note

    The -s flag specifies the ICMP payload size in bytes.

Procedure and Analysis

  • Expected Fragmentation

    • Wireshark should show the single large ping packet broken into two or more fragments.

    • All fragments share the same Identification field; Fragment Offset indicates position.

  • Packet 1 (First Fragment)

    • More fragments flag: Set (..1. ....), indicating additional fragments follow.

    • Identification: e.g., 0x85df, shared across fragments.

    • Fragment Offset: 0, confirming this is the first fragment.

    • Total Length: 1300 bytes (20-byte header + 1280-byte data payload).

  • Packet 2 (Second Fragment)

    • More fragments flag: Not set (..0. ....), indicating the last fragment.

    • Identification: Same as first fragment (0x85df).

    • Fragment Offset: 1280, indicating position within original packet.

    • Total Length: 148 bytes (20-byte header + 128-byte data payload).

Note

  • Wireshark can verify fragmentation fields: Identification, Fragment Offset, and MF (More Fragments) flag.

  • Reassembly occurs at the destination to reconstruct the original packet.

  • Ensures large packets traverse links with smaller MTU without data loss.

Wireshark Capture

Download wireshark capture

Fragmentation - Testcases

Fragmentation - Test Cases

#

Test Case

Description

Expected Result

1

Packet Size > MTU, DF = 0

Fragmentation allowed

Packet is fragmented

2

Packet Size > MTU, DF = 1

Fragmentation not allowed

ICMP Fragmentation Needed sent

3

Packet Size ? MTU

No fragmentation needed

Packet forwarded as-is

4

First Fragment Sent

Offset = 0, MF = 1

Router forwards first fragment

5

Middle Fragment Sent

Offset > 0, MF = 1

Router forwards middle fragment

6

Last Fragment Sent

MF = 0

Router forwards last fragment

7

All Fragments Received

All fragments arrive

Host reassembles packet

8

Missing Fragment

One fragment lost

Reassembly fails, packet dropped

9

Fragment Timeout

Fragments delayed

Reassembly times out, packet dropped

10

Overlapping Fragments

Fragments overlap

Host handles or drops based on policy

11

Fragment Offset Not Multiple of 8

Misaligned offset

Packet dropped

12

Fragment Offset = 0

First fragment

Reassembly starts

13

Fragment Offset > 0

Not first fragment

Waits for earlier fragments

14

MF Bit Set

More fragments follow

Host waits for next fragment

15

MF Bit Cleared

Last fragment

Host completes reassembly

16

Fragmented Packet with Valid Checksum

Checksum correct

Packet accepted

17

Fragmented Packet with Invalid Checksum

Checksum incorrect

Packet dropped

18

Fragmented Packet with TTL = 1

TTL expires

ICMP Time Exceeded sent

19

Fragmented Packet with TTL > 1

TTL decremented

Packet forwarded

20

Fragmented Packet with Options

Options in first fragment

Options processed

21

Fragmented Packet with Options in Middle Fragment

Options missing

Packet dropped

22

Fragmented Packet with Padding

Padding present

Packet accepted

23

Fragmented Packet with No Padding

Misaligned data

Packet dropped

24

Fragmented Packet with Duplicate Fragments

Same fragment resent

Host handles gracefully

25

Fragmented Packet with Out-of-Order Fragments

Fragments arrive out of order

Host reassembles correctly

26

Fragmented Packet with Reassembly Buffer Overflow

Too many fragments

Packet dropped

27

Fragmented Packet with Reassembly Buffer Exhaustion

Multiple packets reassembling

Some packets dropped

28

Fragmented Packet with Source Routing

Source route option

Routing follows specified path

29

Fragmented Packet with Record Route

Route recorded

Option processed in first fragment

30

Fragmented Packet with Timestamp Option

Timestamp recorded

Option processed in first fragment

31

Fragmented Packet with Invalid Header Length

IHL incorrect

Packet dropped

32

Fragmented Packet with Invalid Total Length

Length mismatch

Packet dropped

33

Fragmented Packet with Reserved Flags Set

Reserved bit = 1

Packet dropped

34

Fragmented Packet with Unknown Protocol

Protocol not supported

Packet dropped

35

Fragmented Packet with Loopback Address

Destination = 127.0.0.1

Packet not routed

36

Fragmented Packet with Broadcast Address

Destination = 255.255.255.255

Packet broadcasted

37

Fragmented Packet with Multicast Address

Destination = 224.0.0.1

Packet forwarded to group

38

Fragmented Packet with Private Address

Destination = 192.168.x.x

Routed within private network

39

Fragmented Packet with Public Address

Destination = 8.8.8.8

Routed to internet

40

Fragmented Packet with NAT

Translated IP

Fragments handled by NAT device

41

Fragmented Packet with PAT

Port-based NAT

Reassembly before translation

42

Fragmented Packet with Firewall

Firewall inspects fragments

Policy applied per fragment

43

Fragmented Packet with IDS/IPS

Security device inspects fragments

Reassembly for inspection

44

Fragmented Packet with VPN

Encrypted tunnel

Fragmentation handled before encryption

45

Fragmented Packet with MPLS

MPLS label added

Fragmentation handled before encapsulation

46

Fragmented Packet with QoS

DSCP marked

QoS applied per fragment

47

Fragmented Packet with Logging Enabled

Logging active

Fragmentation events logged

48

Fragmented Packet with ICMP Error

Error in fragment

ICMP sent to source

49

Fragmented Packet with Reassembly Success

All fragments arrive

Original packet reconstructed

50

Fragmented Packet with Reassembly Failure

One or more fragments lost

Packet dropped, ICMP may be sent

  • Reference links