Ask Your Question
0

Client and Server see different lowest MSS?

asked 2020-05-04 01:25:56 +0000

jack.chen.job gravatar image

updated 2020-05-04 12:10:53 +0000

grahamb gravatar image

I am learning to use wireshark to analyze a TCP traffic and I saw something weird to me:

client capture: ( public ip 166.1.1.1, private ip 172.16.8.4 )

1        172.16.8.4     40.1.1.1     TCP   [SYN] Seq=0 Win=65535 Len=0 MSS=1460 WS=64 TSval=1963683730 TSecr=0 SACK_PERM=1
2        40.1.1.1     172.16.8.4     TCP   [SYN, ACK] Seq=0 Ack=1 Win=28960 Len=0 MSS=1440 SACK_PERM=1 TSval=568182194 TSecr=1963683730 WS=128

Server capture: ( public ip 40.1.1.1, private ip 10.240.1.10)

1        166.1.1.1   10.240.1.10     TCP   [SYN] Seq=0 Win=65535 Len=0 MSS=1452 WS=64 TSval=1963683730 TSecr=0 SACK_PERM=1
2        10.240.1.10   166.1.1.1     TCP   [SYN, ACK] Seq=0 Ack=1 Win=28960 Len=0 MSS=1460 SACK_PERM=1 TSval=568182194 TSecr=1963683730 WS=128

My question is about MSS. Client send MSS 1460, Server see it as 1452; Server send 1460, client see it as 1440. I understand MSS can be changed by a router between them, but is it normal MSS is changed to different value?

Now server will use MSS 1452 and client will use MSS 1440. I thought this could break the communication immediately since server will send tcp payload with MSS 1452, which could be dropped if the router between server and client only allow MSS 1440, but it didn't happen.

Is this normal?

edit retag flag offensive close merge delete

Comments

Found a article mentioned similar case: https://www.imperva.com/blog/mtu-mss-...

So it could happen the client and server use different MSS. Probably will only happen with asymmetric routing, and in a customer environment with special requirement ( GRE, VPN, etc), typical Internet router shouldn't do this kind of adjustment?

jack.chen.job gravatar imagejack.chen.job ( 2020-05-04 11:48:13 +0000 )edit

1 Answer

Sort by ยป oldest newest most voted
0

answered 2020-05-04 21:04:48 +0000

SYN-bit gravatar image

Yes, the MSS option in the SYN and SYN/ACK are advertisements and not a negotiation. When the adjusting of the MSS value is different for each direction, this could lead to problems in the same way as when no adjustment has been done.

If you have control over the devices that to the adjustments, then you can fix it there. If not, you might want to change the MTU on one of the endpoints or make another intermediate device under your control adjust the MSS to the lowest value.

edit flag offensive delete link more

Comments

Thanks Sake. based on https://www.imperva.com/blog/mtu-mss-... , this could be a valid setting when the routing is asymmetric with special requirement.

For the particular captures I have, the client 166.1.1.1 is a home machine with gigabit Fiber Internet and 40.1.1.1 is a Cloud VM. The reason we run tcpdump is trying to figure out why from time to time the Internet throughput is only 700KB/s ~1MB/s for some websites. Originally I thought the MSS adjustment was done by some Internet routers between the client/Server, but now I think it's probably not the case, since Internet router doesn't need to do GRE/VPN for public traffic.

Now I have found another system from same service provider shows MSS 1460, so I guess the in/out MSS adjustment were done by the home machine's home router ( A ...(more)

jack.chen.job gravatar imagejack.chen.job ( 2020-05-05 13:32:29 +0000 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

Stats

Asked: 2020-05-04 01:25:56 +0000

Seen: 1,085 times

Last updated: May 04 '20