I'm working on a firewall and I would like to know how to calculate how many bytes there're in a packet or at least have an idea what the averages are.
When I googled it, 1500 bytes was mentioned a lot but it appears to depend on the file size and the protocol.
1500 bytes, is that for tcp ? What about icmp ?
Out of curiosity: what's the max size ?
One way to know the packet size using iptables is to use
-j LOGtarget. You can use this to log specific packets. In the system log file, you can see log records like:This packet is 1400-byte long. The max packet size is determined by the underlying protocol. The number 1500 can be associated with Ethernet frames.
The size changes because some machines have custom settings which alter the MTU:
http://en.wikipedia.org/wiki/Maximum_transmission_unit
The max size of the data frame is usually 1500, bytes, but Jumbo Frames extend that allocation:
http://en.wikipedia.org/wiki/Jumbo_frame
Here are the full specs:
http://en.wikipedia.org/wiki/Ethernet_frame
Run wireshark or ntop and evaluate the statistics. Either will show you a distribution of packet length across a period.
1500 bytes is the default MTU for many Ethernet devices. What @Khaled says herein.
If you look at it purely at the network perspective, then you don't have to calculate the packet size since it is included in the IPv4 header at the bit offset of 19–31.
http://en.wikipedia.org/wiki/IPv4#Packet_structure
So if you want to collect sizes of packets, you simple need tool that collects the IPv4 packet headers and stores them.
On very common tool is tcpdump/wireshark. Set it up a capture for a period of time. Then load up the capture in wireshark. There is an analysis tool built-in that will give you the statistics and information on packet sizes.
There are also monitoring tools like nTop which you might be able to install on your firewall. This tool would collect statistics in real-time.