LMTV Basics | Fundamentals of TCP/IP #6: Application Performance over the WAN (by DC Palter)
LMTV HomeLAN Alerts | IRS & NSA: Are You Scared Enough? (by the Oldcommguy)

Analyzing TCP Segmentation Offload (TSO) with Wireshark (by Paul Offord)

Most modern PCs and servers have powerful network interface chip sets that can provides TCP/IP functionality that cuts the load on the host machine.  The most common of these functions is TCP Segmentation Offload (TSO).  In this short article we use Wireshark to discover how TSO affects our interpretation of network traces.




A program running in a PC or server may make a single call to the TCP/IP stack to send, say, 5 KB of data.  The TCP/IP stack, which is a software driver within the operating system, must repackage the 5 KB so that it can be sent in multiple packets.  This operation is called segmentation and it consumes CPU cycles.  Additionally, the TCP/IP stack must handle issues such as retransmissions.

A network interface chip set that provides TSO allows the host TCP/IP stack to send a single 5 KB segment.  The network interface chip set then re-segments the data into, say, three packets with a TCP Length of 1,460 bytes and one of 798 bytes, making 5 KB in total.  This can all appear to be very confusing in a network trace, especially as the packets received may not be aggregated in a similar manner.

In the following short video ...

... we compare two traces side-by-side; one captured as the packets hit the TSO network interface and the other showing what actually flows on the wire.



[MP4 version here in case YouTube is blocked]


We discover that, bearing a few points in mind, analysis of TCP traffic before and after TSO repackaging is reasonably straightforward.

Best regards...Paul


Picture of Paul OffordAuthor Profile - Paul Offord has had a 38-year career in the IT industry that includes roles in hardware engineering, software engineering and network management. Prior to founding Advance7, he worked for IBM, National Semiconductor and Hitachi Data Systems.

Paul and the problem analysts at Advance7 help IT support teams in many business sectors to troubleshoot difficult performance and stability problems. Paul played a key role in the development of the RPR problem diagnosis method and is currently leading the TribeLab project to explore new ways to help IT support people troubleshoot performance and stability problems.