Error Message Packet needs to be fragmented but DF set

Do you see an error notice that reads “Frag needed and DF set” or “Packet needs to be fragmented but DF set”? You’ve come to the right place if you’re inquisitive about this error message. Now let’s get into the specifics.


The Maximum Transmission Unit (MTU) is a crucial parameter in computer networking that determines the maximum size of data packets that can be transmitted over a network.

Here’s the information presented in an easy-to-read table:

Default MTU Size1500 bytes
SituationData packets may need fragmentation to fit within the MTU size in certain cases.
DF (Don’t Fragment) FlagInstructs routers not to fragment the packet.
ScenarioPacket with MTU 1500 reaches 1472 bytes, requiring fragmentation.
IssueDF flag is set despite needing fragmentation, causing potential complications.



2- Error Message: 

Error Message Packet needs to be fragmented but DF set

Error Message
Packet needs to be fragmented but DF set


  • The error message indicates that a data packet needs to be fragmented to fit within the Maximum Transmission Unit (MTU) size of the network.
  • However, the “DF” (Don’t Fragment) flag is set in the IP header of the packet, which instructs routers not to fragment the packet.
  • As a result, the packet cannot be forwarded, and the error message is generated.

2.2-Understanding MTU and Fragmentation

MTU (Maximum Transmission Unit)Maximum size of a data packet that can be transmitted without fragmentation.
FragmentationProcess of breaking a large packet into smaller fragments to fit the MTU size for transmission.
ReassemblyFragments are reassembled at the destination to recreate the original packet.
Routers’ RoleRouters perform fragmentation and reassembly along the path from source to destination.

3-The Issue of MTU 1500 and 1472 Bytes

The MTU of 1500 bytes is common in Ethernet networks. However, some situations, such as using a VPN or encapsulating packets with additional headers, can cause the effective MTU to decrease. As a result, a packet that is larger than the effective MTU will need to be fragmented.

  • When a packet size reaches 1472 bytes (1500 bytes minus the 28-byte IP and ICMP headers), it is just on the edge of requiring fragmentation.
  • If the DF flag is set in this case, and the packet encounters a router with an MTU less than 1472 bytes, the router will be unable to forward the packet, leading to network communication issues.

3.1-Root Causes

  1. VPNs and Tunneling: Virtual Private Networks (VPNs) and tunneling mechanisms add extra headers to packets, reducing the available space for data. As a result, the effective MTU is decreased, and packets may need to be fragmented more frequently.
  2. Encapsulation: Protocols like IPsec and Generic Routing Encapsulation (GRE) add encapsulation headers to the packets, further reducing the available space for payload data.
  3. VLAN Tagging: In VLAN-tagged networks, additional header bytes are added to each packet, which reduces the payload size.


getting an error message that says, “Packet needs to be fragmented but DF set” or “Frag needed and DF set“? 

To resolve this issue, you can try the following steps:

  1. SolutionsDetails
    Adjusting the MTU sizeReduce the MTU size on the device facing the issue. Try lowering it to values like 1400 or 1300 in network settings.
    Check router settingsEnsure the router’s MTU size matches devices on the network and is correctly configured.
    Check for path MTU discoveryEnable path MTU discovery on sending and receiving devices for automatic MTU size determination.
    Update firmware and driversKeep router firmware and network interface drivers up-to-date.
    Check for misconfigured firewalls or security settingsVerify firewall settings to ensure they are not causing the issue.
    Use a different connection typeTemporarily disable VPN or tunneling software as they may interfere with path MTU discovery.
    Check for network congestionMonitor network traffic for congestion and consider using the network during less busy periods.

Remember to apply these changes carefully, and if you are not familiar with network settings, it might be best to seek assistance from someone with networking expertise or your network administrator.


Error Message:

  • The error messages you mentioned, “Packet needs to be fragmented but DF set” and “Frag needed and DF set,” are related to the “Don’t Fragment” (DF) bit being set in the IP header of a packet.
  • When a device tries to send a packet that exceeds the Maximum Transmission Unit (MTU) size of the network, and the DF bit is set, the packet cannot be fragmented, leading to the error.

Understanding the Issue:

  • When data is sent over a network, it is divided into smaller units called packets. The MTU specifies the maximum size of these packets.
  • If a device tries to send a packet larger than the MTU, the router may attempt to fragment it into smaller pieces for successful transmission. However, if the DF bit is set in the packet’s IP header, the router knows not to fragment it.
  • When the packet is too large to be transmitted without fragmentation, and the DF bit is set, the router cannot break it down into smaller pieces. As a result, the packet cannot be sent, and you encounter the mentioned error messages.

Code Example: Here’s a simple Python code example that illustrates how the DF bit can be set in an IP packet using the scapy library:

from scapy.all import IP, ICMP, send
# Create an IP packet with the DF (Don't Fragment) bit set
packet = IP(dst="", flags="DF") / ICMP()
# Send the packet
Visual Understanding: Imagine you have a network with an MTU of 1500 bytes. You attempt to send a packet with a size of 2000 bytes, and the DF bit is set. Since 2000 bytes exceed the MTU, the router tries to fragment it into smaller packets. However, because the DF bit is set, the router cannot fragment the packet, resulting in an error.
The following diagram illustrates the situation:
|-----------------------| Packet with DF bit set: Size = 2000 bytes
| Router |                    MTU = 1500 bytes
|-----------------------| Fragmentation not allowed due to DF bit
|-----------------------| Error: "Packet needs to be fragmented but DF set" or "Frag needed and DF set"
| Error! |

To resolve this issue:

  • you need to ensure that the packet size does not exceed the MTU, or you can adjust the MTU size or remove the DF bit depending on your network requirements.
  • Please note that this is a simplified visual representation, and real network scenarios can be more complex. If you encounter this issue in your specific network setup, it’s essential to consider all the configurations and devices involved in the communication.


Leave a Comment