NMSSI Packet Analyzer Packet Size Restriction

Idea created by BobDavidson on Sep 8, 2016
    Not planned
    Score: 6

    Please consider either allowing the customer to up the maximum size of a packet captured from 2000 to a higher value.

    Or perhaps a better solution would be to allow certain packets to not be truncated (well, within reason); for example, the first 20 packets in a connection could go through without truncation, or just certain types of data packet could be exempted, for example SSL/TLS Hello exchange packets.

    The issue I have is that, since we have implemented SEGMENTATION OFFLOAD on our OSA cards, larger packets are being passed to the NMSSI and thus we are seeing more truncation on outgoing packets.

    For example, we now see SSL SERVER HELLO packets exceeding the 2000 byte limit. This one below was 4396 bytes:

    PKT Packet # ........ 00006 Direction .......... Send
    Date ............ 08-SEP-2016 Time ............... 09:18:34.223058
    Link Name ....... OSA28P0_D104
    IP Source Addr ..... 10.xx.xx.xx Destination Addr ... 10.xx.xx.xx
    IP Version ...... 4 Header Length ...... 20
    Type of Service B'01000000' Offload Length ..... 4396
    Identification x'D91C'-x'D91E' Flags .............. DontFragment B'010'
    Frag Offset ..... 0 Time To Live ....... 64
    Protocol ........ TCP Header Checksum .... x'0000' (Incorrect)
    *WARNING* Truncated packet
    TCP Src Port ........ 6569 Dest Port .... 32900
    Rel Seq Num ..... 1 Rel Ack Num .. 113
    Seq Number ...... 2383163354 Ack Number ... 187702668
    Data Offset ..... 32 Flags ........ ACK PSH
    Window .......... 16384 Checksum ..... x'0000' (Incorrect)
    Urgent Pointer 0
    Segment Offload YES Offload Segments ... 3
    Segment Length 1448 Last Segment Length 1436
    TCP Option Value
    ---------- -----
    No Operation
    No Operation
    Time Stamp Value x'42BD7064'
    Echo Reply x'588C862C'
    Record 1
    Protocol ........ HANDSHAKE ( x'16' )
    Version ......... TLS 1.2 Length ....... 4665
    Message #1....... SERVER_HELLO ( x'2' )
    Length .......... 77
    Random Structure Content:
    Unix Time THU 08-SEP-2016 08:18:34 (GMT/UTC)
    Byte Seq x'6F00C418E49112D1A0159310A3014483A2431344DA82BB763A17DFF2'
    Session Id ( Length=32 )
    x'0004001D0A0A94948084000000000000000000000000000057D11EDA00018A08'

    +0610 01040182 37150704 30302E06 262B0601 b 7 00. &+
    +0620 04018237 15088187 8D1A85C0 940C84C1 b ag e{m dA 7
    +0630 952184D7 F02A84E2 EB158116 839AB37E n dP0 dS a c = ! * ¯
    +0640 D0BB4202 01640201 02301D06 03551D25 } B d 0 U %
    +0650 04163014 06082B06 01050507 03010608 0 +
    +0660 2B060105 05070302 30270609 2B060104 + 0' +
    +0670 01823715 0A041A30 18300A06 082B0601 b 7 0 0 +
    +0680 05050703 01300A06 082B0601 05050703 0 +
    +0690 02302806 03551D11 0421301F 821D4444 b 0( U !0 DD
    +06A0 4C307379 7374656D 2E736572 76696365 < ` _ L0system.service
    +06B0 2E746573 742E6772 6F757030 0D06092A ? .test.group0 *
    +06C0 864886F7 0D01010B 05000382 010100BA f f7 b H
    +06D0 B606A158 BEF0AD13 A8DDFBC1 2785C4F1 ¯ 0 y A eD1 X '
    +06E0 B3F39DAF 10A87499 57E5F1AA A57382E0 3 y r V1 v b\ t W s
    +06F0 8E6D97D6 6FC5F8C3 162EF5A2 5D524079 _pO?E8C 5s) ` m o . R@y
    +0700 A1772ACA EAEDCCCF 722D8DAF 12950C0B ¯ n w* r-
    ******************************************************* Bottom of data *********

     

     

    As a result of this truncation we don't see all the certificates or messages within the SSL HELLO SERVER packet, making it difficult to check if the correct certificate chain is being sent without resort to using CTRACE.
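
Added example (not part of the original post, and not NetMaster or CTRACE code): the Python below walks the handshake messages of one TLS 1.2 record in a truncated capture and reports how much of the record is missing and how many certificates of the chain are fully present. The record bytes are constructed; the 1948-byte cut is an assumption that the 2000-byte limit includes the 20-byte IP header and 32-byte TCP header shown in the trace.

```python
# Added example: all sample bytes are constructed, none come from the trace.
HANDSHAKE = 0x16
NAMES = {2: "SERVER_HELLO", 11: "CERTIFICATE", 12: "SERVER_KEY_EXCHANGE",
         13: "CERTIFICATE_REQUEST", 14: "SERVER_HELLO_DONE"}

def u24(buf, off):
    """Read a 3-byte big-endian length, as used by TLS handshake framing."""
    return int.from_bytes(buf[off:off + 3], "big")

def count_complete_certs(msg_body):
    """Count certificates fully present in a (possibly cut) TLS 1.2 Certificate body."""
    pos, done = 3, 0                      # skip the 3-byte certificate_list length
    while pos + 3 <= len(msg_body):
        end = pos + 3 + u24(msg_body, pos)
        if end > len(msg_body):
            break                         # this certificate was cut by the capture limit
        done, pos = done + 1, end
    return done

def audit_record(captured):
    """Walk the handshake messages of one TLS record in a truncated capture."""
    if len(captured) < 5 or captured[0] != HANDSHAKE:
        raise ValueError("not a TLS handshake record")
    record_len = int.from_bytes(captured[3:5], "big")
    body = captured[5:5 + record_len]
    report = {"record_missing": record_len - len(body),
              "messages": [], "certs_complete": None}
    off = 0
    while off + 4 <= len(body):
        mtype, mlen = body[off], u24(body, off + 1)
        data = body[off + 4:off + 4 + mlen]
        # (name, declared length, bytes actually captured)
        report["messages"].append((NAMES.get(mtype, hex(mtype)), mlen, len(data)))
        if mtype == 11:
            report["certs_complete"] = count_complete_certs(data)
        if len(data) < mlen:
            break                         # nothing after a cut message can be located
        off += 4 + mlen
    return report

def build_sample(cert_sizes=(1500, 1400, 1200)):
    """Constructed record: ServerHello (77 bytes), Certificate, ServerHelloDone."""
    certs = b"".join(n.to_bytes(3, "big") + bytes(n) for n in cert_sizes)
    cert_msg = len(certs).to_bytes(3, "big") + certs
    hs = b"".join(bytes([t]) + len(m).to_bytes(3, "big") + m
                  for t, m in ((2, bytes(77)), (11, cert_msg), (14, b"")))
    return b"\x16\x03\x03" + len(hs).to_bytes(2, "big") + hs

if __name__ == "__main__":
    print(audit_record(build_sample()[:1948]))   # assumed payload under a 2000-byte cap
```

With the constructed three-certificate chain, only the first certificate is complete after the cut, and the messages following the Certificate message cannot be located at all.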