NMSSI Packet Analyzer Packet Size Restriction

Last activity 01-16-2019 09:21 PM
Bob Davidson
09-08-2016 08:57 AM

Please consider either allowing the customer to up the maximum size of a packet captured from 2000 to a higher value.

Or perhaps a better solution would be to allow certain packets to not be truncated (well, within reason). For example, the first 20 packets in a connection could go through without truncation, or just certain types of data packet could be exempted, for example SSL/TLS Hello exchange packets.

The issue I have is that since we have implemented SEGMENTATION OFFLOAD on our OSA cards, larger packets are being passed to the NMSSI and thus we are seeing more truncation on outgoing packets.

For example, we now see SSL SERVER HELLO packets exceeding the 2000 byte limit. This one below was 4396 bytes:

PKT Packet # ........ 00006 Direction .......... Send
Date ............ 08-SEP-2016 Time ............... 09:18:34.223058
Link Name ....... OSA28P0_D104
IP Source Addr ..... 10.xx.xx.xx Destination Addr ... 10.xx.xx.xx
IP Version ...... 4 Header Length ...... 20
Type of Service B'01000000' Offload Length ..... 4396
Identification x'D91C'-x'D91E' Flags .............. DontFragment B'010'
Frag Offset ..... 0 Time To Live ....... 64
Protocol ........ TCP Header Checksum .... x'0000' (Incorrect)
*WARNING* Truncated packet
TCP Src Port ........ 6569 Dest Port .... 32900
Rel Seq Num ..... 1 Rel Ack Num .. 113
Seq Number ...... 2383163354 Ack Number ... 187702668
Data Offset ..... 32 Flags ........ ACK PSH
Window .......... 16384 Checksum ..... x'0000' (Incorrect)
Urgent Pointer 0
Segment Offload YES Offload Segments ... 3
Segment Length 1448 Last Segment Length 1436
TCP Option Value
---------- -----
No Operation
No Operation
Time Stamp Value x'42BD7064'
Echo Reply x'588C862C'
Record 1
Protocol ........ HANDSHAKE ( x'16' )
Version ......... TLS 1.2 Length ....... 4665
Message #1....... SERVER_HELLO ( x'2' )
Length .......... 77
Random Structure Content:
Unix Time THU 08-SEP-2016 08:18:34 (GMT/UTC)
Byte Seq x'6F00C418E49112D1A0159310A3014483A2431344DA82BB763A17DFF2'
Session Id ( Length=32 )
x'0004001D0A0A94948084000000000000000000000000000057D11EDA00018A08'
******************************************************* Bottom of data *********

As a result of this truncation we don't see all the certificates or messages within the SSL HELLO SERVER packet, making it difficult to check if the correct certificate chain is being sent without resorting to CTRACE.
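What the truncation described in the post above hides, as an added example that is not part of the original post or the product's code: a Python walk over one TLS handshake record that reports which handshake messages a truncated capture holds in full. The sample record is constructed; its 4665 and 77 lengths mirror the trace, while the certificate size and the assumption that the 2000-byte limit includes the 20-byte IP and 32-byte TCP headers are illustrative.

```python
import struct

# Handshake message types from the TLS 1.2 specification (RFC 5246).
HANDSHAKE_NAMES = {2: "server_hello", 11: "certificate",
                   12: "server_key_exchange", 14: "server_hello_done"}

# Assumption: the 2000-byte capture limit counts the IP (20) and TCP (32) headers.
SNAP_PAYLOAD = 2000 - 20 - 32

def handshake_coverage(captured: bytes):
    """Walk one TLS handshake record in a possibly truncated capture.

    Returns (record_len, [(name, declared_len, captured_len, complete), ...]).
    Messages that start beyond the captured bytes are not listed at all.
    """
    if len(captured) < 5:
        raise ValueError("capture shorter than a TLS record header")
    ctype, _version, record_len = struct.unpack("!BHH", captured[:5])
    if ctype != 0x16:
        raise ValueError("not a handshake record")
    body = captured[5:5 + record_len]
    messages, pos = [], 0
    while pos < len(body):
        if len(body) - pos < 4:            # the 4-byte message header is cut
            messages.append(("unknown", None, len(body) - pos, False))
            break
        mtype = body[pos]
        mlen = int.from_bytes(body[pos + 1:pos + 4], "big")
        have = min(mlen, len(body) - pos - 4)
        name = HANDSHAKE_NAMES.get(mtype, f"type_{mtype}")
        messages.append((name, mlen, have, have == mlen))
        pos += 4 + mlen
    return record_len, messages

def build_sample_record() -> bytes:
    """Constructed record: ServerHello(77) + Certificate(4576) + ServerHelloDone."""
    def msg(mtype: int, n: int) -> bytes:
        return bytes([mtype]) + n.to_bytes(3, "big") + bytes(n)
    body = msg(2, 77) + msg(11, 4576) + msg(14, 0)
    return struct.pack("!BHH", 0x16, 0x0303, len(body)) + body

if __name__ == "__main__":
    record = build_sample_record()
    for label, data in (("full", record), ("truncated", record[:SNAP_PAYLOAD])):
        record_len, msgs = handshake_coverage(data)
        print(label, "record length", record_len)
        for name, declared, have, complete in msgs:
            print(f"  {name}: {have}/{declared} bytes, complete={complete}")
```

With the truncated input the certificate message is reported as partial and the closing message does not appear, which is the condition that prevents checking the chain from the capture alone.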


Comments

01-16-2019 09:21 PM

Not planned. Management of increased capture size would create large overheads and impact product performance. 

09-09-2016 02:10 PM

Hi Bob,

We already have 'increasing the max limit' idea in our backlog. From the research that was conducted already on your alternative solution, we found that it would be easier to increase the max limit than to be selective in the truncation. I had the 'increase' idea research already planned but it was moved out for completing the 12.2 project. I'll speak to Product Management about the customer demand and market demand on this item.

Thanks!

Jennifer

CA NetMaster Product Owner