Fragmentation
During a performance problem with a VPN connection, it is necessary to know whether the packets are fragmented or not.
For this, you must analyse the 3 bits of the IP flags field in the IP header:
Bit 0 : reserved, must be 0
Bit 1 (DF (Don't Fragment)): 0/1 can/can not be fragmented
Bit 2 (MF (More Fragments)): 0/1 no more/more fragments
tcpdump
ip[6] & 0x80 Reserved bit
ip[6] & 0x40 DF bit
ip[6] & 0x20 MF bit
wireshark/tshark
ip.flags.rb reserved bit
ip.flags.df DF bit
ip.flags.mf MF bit
And here is a complete command line for packets with the "more fragments" bit set:
trilobit@bitmonsterli:~/work$ tcpdump -nn -r tracefile.dmp 'ip[6] & 0x20 != 0'
Or, in Wireshark, you can use the display filter:
ip.flags.mf == 1
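The same flag tests applied to raw header bytes, as an added example that is not part of the original page. It goes one step beyond the three flag bits by also reading the 13-bit fragment offset that follows them, because the last fragment of a datagram has MF clear and is missed by an MF-only filter. The function names and sample headers are constructed for illustration.

```python
import struct

# Masks for byte 6 of the IPv4 header, identical to the tcpdump ip[6] tests.
RESERVED, DF, MF = 0x80, 0x40, 0x20


def classify(ip_header: bytes) -> dict:
    """Decode the flag bits and fragment offset of a raw IPv4 header."""
    if len(ip_header) < 20 or ip_header[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    flags = ip_header[6]
    # Bytes 6-7 hold the 3 flag bits followed by a 13-bit offset (8-byte units).
    (word,) = struct.unpack("!H", ip_header[6:8])
    offset = (word & 0x1FFF) * 8
    mf = bool(flags & MF)
    if mf and offset == 0:
        kind = "first fragment"
    elif mf:
        kind = "middle fragment"
    elif offset:
        kind = "last fragment"  # MF clear: only the offset reveals it
    else:
        kind = "unfragmented"
    return {"reserved": bool(flags & RESERVED), "df": bool(flags & DF),
            "mf": mf, "offset": offset, "kind": kind}


def make_header(flags_and_offset: int) -> bytes:
    """Constructed 20-byte IPv4 header; only bytes 6-7 vary, checksum is 0."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 1500, 0x1234,
                       flags_and_offset, 64, 17, 0,
                       bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))


# Constructed values for bytes 6-7 (not taken from a real trace).
SAMPLES = [0x4000, 0x2000, 0x20B9, 0x0172]

# Capture filter that matches every fragment, including the last one:
#   tcpdump -nn -r tracefile.dmp 'ip[6:2] & 0x3fff != 0'
if __name__ == "__main__":
    for value in SAMPLES:
        info = classify(make_header(value))
        print(f"0x{value:04x} DF={info['df']} MF={info['mf']} "
              f"offset={info['offset']} -> {info['kind']}")
```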