What is the purpose of splitting an attack payload into multiple small packets?

Study for the EC-Council Certified Ethical Hacker (CEH) v13 Exam. Utilize flashcards and multiple-choice questions with helpful hints and detailed explanations. Excel in your exam preparation!

Multiple Choice

What is the purpose of splitting an attack payload into multiple small packets?

Explanation:
The tactic hinges on how many intrusion detection systems analyze traffic. If the attacker sends the payload in many small fragments, each fragment on its own may not reveal the exploit. An IDS often detects attacks by reconstructing (reassembling) the original data stream so that it can see the complete payload and match it against known signatures. When the attack is fragmented, the defender must successfully reassemble the stream to detect the exploit; if reassembly isn’t performed or fails, the attack can slip through. So the aim is to force the IDS to reassemble to reveal the malicious content, which makes this option the best fit. Fragmentation can occasionally bypass simple per-packet checks, but the stated purpose focuses on the need for reassembly to detect the attack. Reducing latency isn’t the goal, and fragmentation does not increase the total payload size in this context.
