What Is IP Fragmentation? | IP Fragmentation Attacks
Networks rely on packet transmission for sharing information between devices. IP fragmentation breaks a packet into smaller fragments so that the data flow is not disrupted. In this article, learn what IP fragmentation is, how it works, the problems IP fragmentation attacks cause, and how to avoid the process.
What is IP fragmentation?
IP packet fragmentation is an IP process in which a large packet is divided into smaller chunks, called fragments, to fit through a network link with a smaller maximum transmission unit (MTU). This means it is broken into pieces equal to or smaller than the lower MTU.

With a fragmented packet, the fragments transmit across a wide area network. The receiving device reassembles the fragments to reconstruct the original packet.
MTU is the largest packet size transmitted over a network medium without fragmentation. Each network link, such as Ethernet or WiFi, has a maximum transmission unit. Ethernet, for example, typically has an MTU of 1500 bytes, while some other networks might have smaller MTUs.
If an IP packet exceeds the MTU of any router along the path and lacks the "Don't Fragment" (DF) flag, the router divides it into smaller fragments that fit within the MTU of the next link.
All fragments except the last one have a "More Fragments" flag to indicate that there are more fragments to come.
Where does IP fragmentation occur?
Not every device along the path can handle fragmentation. Fragmentation happens in the network layer of the OSI model, as this layer is responsible for dividing the datagram received from the transport layer into pieces. It occurs primarily in a router or switch with Layer 3 capabilities and in the source device’s network interface card (NIC). For the NIC to do this, the card’s driver should support segmentation offload, a feature that offloads the task of segmenting large packets to the NIC hardware.
Routers handle fragmentation in IPv4 networks. IPv6, however, does not allow routers to fragment packets. Instead, the source device ensures packets are appropriately sized using Path MTU Discovery.
There are some exceptions where the original sender might fragment a packet. For example, if Path MTU Discovery fails to discover the path's smallest MTU, the sender might fragment the packet based on a default MTU value. Some protocols might also require the sender to fragment packets.
Why is IP fragmentation necessary?
The need for IP fragmentation arises when a packet is larger than the MTU of the network path it must traverse. Therefore, networks use fragmentation to transmit data effectively over communication networks.
Fragmentation isn't without its issues, however. It creates extra work for the network, and fragments can arrive out of order. Network engineers implement modern solutions to avoid problems that result from fragmentation.
What causes IP fragmentation?
One cause of IP fragmentation is a network link's MTU mismatch. Assume your computer's Ethernet network has an MTU of 1500 bytes and your friend's smartphone's WiFi network has an MTU of 1400 bytes.
The issue is that when your computer sends a 1500-byte packet, it will encounter a router along the path that connects the Ethernet and WiFi networks. This router recognizes the packet is too large for the WiFi network's MTU, which is 1400 bytes.
To ensure the file reaches your friend, the router fragments the 1500-byte packet into smaller packets, each fitting within the 1400-byte limit.
Factors that contribute to this mismatch include:
- Different MTUs across networks. Each network link has its own MTU.
- Initial packet size. The initial size of a data packet can vary depending on the application or protocol used.
- Encapsulation. As data travels through different layers of the network stack, headers and trailers are added for encapsulation.
- Path changes. Packets don't always take a fixed path through the Internet. The path may change due to network congestion, link failures, or load balancing.
Another cause involves using encryption or tunneling protocols such as a virtual private network to encrypt your file transfer for added security. The VPN software adds extra headers and information to each packet, increasing the size of each packet beyond the original 1500 bytes.
Finally, there’s network variability. The Internet is a heterogeneous environment with varying MTU sizes. An IP packet might pass through multiple networks with different MTU restrictions, necessitating fragmentation.
How IP fragmentation works
First, it’s important to understand the maximum size of an IP packet or datagram. The IP header includes a 16-bit field called the Total Length, which specifies the entire IP datagram length, including the header and data payload.
Since this field is 16 bits, it can represent values from 0 to 65,535 (2^16 - 1). Thus, the maximum size of an IP datagram is 65,535 bytes.
Imagine you need to send a large package, but the delivery truck has limited space. You'd split the package into smaller ones, each labeled with its original position and a unique identifier so the recipient can reassemble them. IP fragmentation works the same way.
IP fragmentation occurs in three steps: fragmentation, transmission, and reassembly.
When a router encounters a packet exceeding the MTU of the next network, it first divides the packet into smaller fragments. Each fragment receives a header containing crucial information:
- Identification, which is a unique number identifying all fragments belonging to the original packet. It tells the destination device which fragments make up the original packet.
- Flags, which indicate whether it's the first, middle, or last fragment.
- Fragment offset, which specifies where the fragment fits within the original packet.
The router then sends these fragments across the network. Since they are smaller, they can pass through without issues.
At the destination, the receiving device uses the identification number and fragment offset to put the pieces back in the correct order.
The receiving device discards the packet in cases of missed fragments or corruption, prompting retransmission by higher-layer protocols like Transmission Control Protocol (TCP).
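The three steps can be followed in code. This is an added example, not part of the original article: it splits the 1500-byte packet from the MTU mismatch scenario above for a 1400-byte link and reassembles it from out-of-order fragments. The `Fragment`, `fragment` and `reassemble` names are hypothetical, and it assumes a 20-byte IPv4 header with no options and a fragment offset counted in 8-byte units.

```python
from dataclasses import dataclass

IP_HEADER_LEN = 20  # assumption: IPv4 header with no options

@dataclass
class Fragment:
    ident: int      # Identification: same value on every fragment of one packet
    more: bool      # "More Fragments" flag: set on all fragments except the last
    offset: int     # Fragment Offset field, counted in 8-byte units
    payload: bytes

    @property
    def total_length(self) -> int:
        return IP_HEADER_LEN + len(self.payload)

def fragment(ident: int, payload: bytes, mtu: int, df: bool = False) -> list:
    """Split one packet's payload so every fragment fits the next link's MTU."""
    if IP_HEADER_LEN + len(payload) <= mtu:
        return [Fragment(ident, False, 0, payload)]
    if df:
        raise ValueError("packet exceeds MTU and Don't Fragment is set")
    # Offsets are in 8-byte units, so non-final fragments carry a multiple of 8 bytes.
    chunk = (mtu - IP_HEADER_LEN) // 8 * 8
    if chunk <= 0:
        raise ValueError("MTU too small to carry any payload")
    return [Fragment(ident, start + chunk < len(payload), start // 8,
                     payload[start:start + chunk])
            for start in range(0, len(payload), chunk)]

def reassemble(frags: list):
    """Rebuild the payload from fragments in any arrival order; None if incomplete."""
    ordered = sorted(frags, key=lambda f: f.offset)
    if not ordered or ordered[-1].more or len({f.ident for f in ordered}) != 1:
        return None  # nothing received, last fragment missing, or mixed packets
    data = b""
    for f in ordered:
        if f.offset * 8 != len(data):
            return None  # a middle fragment is missing
        data += f.payload
    return data

# Constructed sample: 1500-byte packet (20-byte header + 1480 bytes of data), 1400-byte MTU.
PAYLOAD = bytes(i % 256 for i in range(1500 - IP_HEADER_LEN))
FRAGS = fragment(0x1234, PAYLOAD, mtu=1400)

if __name__ == "__main__":
    for f in FRAGS:
        print(f.ident, f.more, f.offset, f.total_length)
    print(reassemble(FRAGS[::-1]) == PAYLOAD)
```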
Example of IP fragmentation
Consider a scenario where a source device sends a 3000-byte packet over the Internet with a router having an MTU of 1500 bytes. The source device segments the packet into two fragments. The first fragment is 1500 bytes, and the second contains 1500 bytes minus headers.
Fragments are transmitted individually across the network. They are reassembled using the fragment offset and identification fields at the reassembling device.
What problems does IP fragmentation cause?
Knowing what causes IP fragmentation is essential for addressing the associated issues, such as:
- Performance degradation for wireless networks. Each fragmented packet requires its own header containing information like identification numbers. Additionally, a fragment needs acknowledgment from the receiver to confirm successful delivery. The multiplication of headers and acknowledgements adds significant overhead to the network.
- Reduced throughput and efficiency. Fragmentation, while sometimes necessary, takes up valuable bandwidth that could be used to transmit actual data. The technique requires more resources at both the sender and receiver.
- Disordered packet delivery. When a large packet is fragmented, the different datagrams might take different paths through the network to reach the destination. Some paths might be faster, so the fragments arrive out of order.
- Increased error rate and packet loss. IP fragmentation can lead to packet loss due to the increased likelihood of fragment loss during transmission. Lost fragments require retransmission, using more resources.
- Security risks. This process makes it harder to consistently implement security measures, such as encryption or authentication, across all packet fragments. Attackers might exploit these vulnerabilities.
- Complicated quality-of-service (QoS). It complicates the QoS of your network as applications introduce delays when working with fragmented packets.
How to avoid fragmentation
Several approaches are used to mitigate the issues associated with IP fragmentation. Consider employing them if you find you're experiencing fragmentation issues.
Enable Path MTU Discovery (PMTUD) on your devices
The algorithm determines the smallest MTU along the path to the destination. PMTUD allows the sender to adjust the packet size accordingly to avoid fragmentation. Most modern operating systems enable PMTUD by default.
You can also verify its status and enable it if necessary through network settings. Make sure your devices support ICMP (Internet Control Message Protocol) messages, as PMTUD relies on them.
Reduce the MTU
If you know the smallest MTU in the network path, you can manually adjust your routers to use that MTU. Although reducing the MTU size may sound counterintuitive initially, it guarantees the correct size of packets from the start, eliminating the need for fragmentation.
Packet segmentation
Protocols like TCP have a mechanism for segmenting data into smaller chunks that fit within the MTU. This happens at the transport layer before the packets reach the IP layer, where fragmentation occurs. The HTTP/2 protocol incorporates header compression techniques that reduce the size of headers in each packet.
Use compression algorithms
Compressing data before sending it can significantly reduce packet size. Compression is effective for text-based data or other types of data with high compressibility. Many applications have built-in compression options you can enable.
Using these tips can significantly reduce IP fragmentation in your wireless networks.
What is an IP fragmentation attack?
An IP fragmentation attack is a type of cyber attack that exploits the way the Internet Protocol (IP) manages the transmission of data packets.
It’s a type of Denial of Service (DoS) attack. In this attack, a cybercriminal manipulates packet fragments to either overwhelm the target system or bypass security measures.
Common types of IP fragmentation attacks include teardrop attacks, in which an attacker sends overlapping fragments that cannot be reassembled; UDP and ICMP flood attacks, which flood servers with corrupt packets that they must reject; and Bonk attacks, in which the attacker sends oversized fragments to crash the system.
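A reassembly-side check for the anomalies these attacks depend on, written as an added example rather than code from the original article: it inspects the offset and length of each fragment sharing one Identification value and reports overlaps, gaps, and a reassembled size above the 65,535-byte limit before any buffer is built. The function name, finding labels and sample fragment lists are constructed for illustration, and a 20-byte header is assumed.

```python
MAX_DATAGRAM = 65535  # limit imposed by the 16-bit Total Length field
IP_HEADER_LEN = 20    # assumption: IPv4 header with no options

def inspect_fragments(frags):
    """frags: (offset_in_8_byte_units, payload_length, more_fragments) tuples
    for one Identification value. Returns a list of findings; an empty list
    means the set can be reassembled cleanly."""
    findings = []
    spans = sorted((off * 8, off * 8 + length, more) for off, length, more in frags)
    covered = 0  # highest payload byte accounted for so far
    for start, end, more in spans:
        if more and (end - start) % 8:
            findings.append(f"non-final fragment at byte {start} is not a multiple of 8")
        if start < covered:
            findings.append(f"overlap at byte {start}")
        elif start > covered:
            findings.append(f"gap at byte {covered}")
        covered = max(covered, end)
    if IP_HEADER_LEN + covered > MAX_DATAGRAM:
        findings.append(f"reassembled length {IP_HEADER_LEN + covered} exceeds {MAX_DATAGRAM}")
    finals = [s for s in spans if not s[2]]
    if len(finals) != 1 or finals[0][1] != covered:
        findings.append("final fragment missing or does not end the packet")
    return findings

# Constructed samples (lengths and offsets only, no packet contents).
CLEAN = [(0, 1376, True), (172, 104, False)]
OVERLAPPING = [(0, 1376, True), (100, 104, False)]   # second fragment lands inside the first
OVERSIZED = [(0, 1376, True), (8189, 1000, False)]   # offset pushes the end past 65,535

if __name__ == "__main__":
    for name, sample in (("clean", CLEAN), ("overlapping", OVERLAPPING),
                         ("oversized", OVERSIZED)):
        print(name, inspect_fragments(sample) or "ok")
```

A reassembler or inline filter that rejects any fragment set with findings drops the whole packet instead of attempting to rebuild it.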
Frequently asked questions
How does IP fragmentation differ between IPv4 and IPv6?
In IPv4, the source and any router along the path can fragment packets. In IPv6, only the source performs fragmentation.
What happens if a fragment is dropped during transmission?
The entire original packet must be retransmitted, fragmented, and reassembled. The process becomes inefficient and resource-heavy.
Can a VPN help to prevent IP fragmentation attacks?
Yes. A VPN acts as an intermediary between your device and the Internet. Any malicious fragmented packets the attacker sends would first reach the VPN server, which filters out malicious fragments before they reach your device.