sujai M J

Reputation: 1291

TCP Packets in Raw socket - Centos 6.6

I tried generating TCP traffic and capturing the packets using a RAW socket at the other end.

I set the window size to 50000 bytes. While sending the TCP traffic at max rate, I observe in Wireshark that an ACK is sent around every 12 packets (1512-byte packets).

While receiving the packets in the raw socket, I expected 12 packets, as I got in Wireshark (I believe that Wireshark also uses a raw socket). But I was surprised to see one packet with the sent data stream.

To my knowledge, the RAW socket should receive data in the form of packets as transmitted on the wire, and not as TCP streams.

I used the below for the raw socket to receive packets on the port:

  /* the protocol argument of a packet socket must be in network byte order */
  rawsd = socket(PF_PACKET, SOCK_RAW, htons(ETH_P_ALL));

Is this in any way related to tcp_wrapper and the OS TCP configuration?

Upvotes: 2

Views: 940

Answers (2)

sujai M J

Reputation: 1291

Here is the answer I observed.

Linux Eth ports have a configuration setting, "tcp-segmentation-offload".

[root@Kernel317 home]# ethtool -k eth0
Features for eth0:
rx-checksumming: off
tx-checksumming: on
    tx-checksum-ipv4: off [fixed]
    tx-checksum-ip-generic: on
    tx-checksum-ipv6: off [fixed]
    tx-checksum-fcoe-crc: off [fixed]
    tx-checksum-sctp: off [fixed]
scatter-gather: on
    tx-scatter-gather: on
    tx-scatter-gather-fraglist: off [fixed]
tcp-segmentation-offload: on
    tx-tcp-segmentation: on
    tx-tcp-ecn-segmentation: off [fixed]
    tx-tcp6-segmentation: off [fixed]

On enabling tcp-segmentation-offload, packets are clubbed together in the eth port as a full data segment irrespective of the MTU configured.

   ethtool -K eth1 rx on tx on

On disabling tcp-segmentation-offload, packets are not processed in the eth ports and packets of MTU size are received in the RAW socket.

   ethtool -K eth1 rx off tx off

Thanks

Upvotes: 1
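
As an added example (not part of either answer and not libpcap code): a C check that can be run on each frame read from the PF_PACKET socket in the question, reporting whether the IPv4/TCP segment is larger than the interface MTU and so was handed over in offload-merged form rather than as it appeared on the wire. The function names, the 1500-byte MTU and the constructed header are assumptions for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum frame_kind { FRAME_TRUNCATED = -1, FRAME_NOT_TCP4 = 0,
                  FRAME_WIRE_SIZED = 1, FRAME_OFFLOAD_MERGED = 2 };

static unsigned be16(const uint8_t *p) { return (unsigned)p[0] << 8 | p[1]; }

/* Classify one Ethernet frame; on a TCP/IPv4 frame, *payload gets the TCP payload length. */
enum frame_kind classify_frame(const uint8_t *f, size_t len, unsigned mtu, size_t *payload)
{
    if (len < 14 + 20) return FRAME_TRUNCATED;
    if (be16(f + 12) != 0x0800) return FRAME_NOT_TCP4;         /* EtherType IPv4 */
    const uint8_t *ip = f + 14;
    if ((ip[0] >> 4) != 4 || ip[9] != 6) return FRAME_NOT_TCP4; /* protocol 6 = TCP */
    size_t ihl = (ip[0] & 0x0f) * 4u;                          /* IPv4 header length */
    if (ihl < 20 || len < 14 + ihl + 20) return FRAME_TRUNCATED;
    size_t tot = be16(ip + 2);                                 /* IPv4 total length */
    size_t thl = (ip[ihl + 12] >> 4) * 4u;                     /* TCP header length */
    if (thl < 20 || tot < ihl + thl) return FRAME_TRUNCATED;
    *payload = tot - ihl - thl;
    /* A datagram longer than the MTU cannot have crossed the wire as one frame. */
    return tot > mtu ? FRAME_OFFLOAD_MERGED : FRAME_WIRE_SIZED;
}

/* Constructed sample: Ethernet + IPv4 + TCP headers (54 bytes), no options. */
size_t make_header(uint8_t *out, unsigned ip_total_len)
{
    memset(out, 0, 54);
    out[12] = 0x08; out[13] = 0x00;              /* EtherType IPv4 */
    out[14] = 0x45;                              /* version 4, IHL 5 */
    out[16] = (uint8_t)(ip_total_len >> 8);
    out[17] = (uint8_t)(ip_total_len & 0xff);
    out[23] = 6;                                 /* protocol TCP */
    out[14 + 20 + 12] = 0x50;                    /* TCP data offset 5 */
    return 54;
}

int main(void)
{
    uint8_t hdr[54];
    size_t payload = 0;
    unsigned sizes[] = { 1500, 12 * 1460 + 40 }; /* one segment vs. 12 merged segments */
    for (int i = 0; i < 2; i++) {
        size_t n = make_header(hdr, sizes[i]);
        int kind = classify_frame(hdr, n, 1500, &payload);
        printf("ip_len=%u kind=%d tcp_payload=%zu\n", sizes[i], kind, payload);
    }
    return 0;
}
```

Only the headers are inspected, so the check still works when the capture length is shorter than the merged segment.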

Parham Alvani

Reputation: 2440

I think Wireshark uses something named promiscuous mode on your network interface; in this mode it can get packets in lower layers. But if you use a raw socket you just read receive buffer data, not packets.
The following code from the libpcap (Wireshark backend) git repository shows that it uses a raw socket with alternative options.

  pcap_activate_snoop(pcap_t *p)
  {
      int fd;
      ...
      fd = socket(PF_RAW, SOCK_RAW, RAWPROTO_SNOOP);

Upvotes: 1
