What is the minimum MSS captured by Wireshark?
I found out that the default MSS is 536 bytes. Is that what Wireshark will capture, or can there be a lower MSS that gets captured?
The MSS has nothing to do with packet capture. MSS is a setting of the TCP/IP stack to define what the TCP segment size may be, so from 0 up to MSS. And Wireshark will happily dissect TCP packets with segments of any size.
And note that the "default" MSS is usually not the MSS that's used. An Ethernet packet has a maximum payload of 1500 bytes, an IPv4 header is a minimum of 20 bytes long, and a TCP header is a minimum of 20 bytes long, so the maximum TCP payload is 1500-(20+20) = 1460 bytes. That's the usual MSS that's negotiated.
Wireshark will, by default, capture the entire packet, however big that might be; as Jaap notes, that is not affected by the MSS.
While it looks like an MSS value is being negotiated, it is actually announced (advertised) in each of the two flows individually, instead of being negotiated.
Sidenote: This can lead to problems when routes are asymmetrical over links with different MSS adjustments due to different MTU sizes or different amounts of encapsulation of each link.
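Added example (not part of the original posts): a Python sketch that reads the MSS option out of a SYN and a SYN-ACK to show that each side announces its own value, and that 536 only applies when no option is present. The two headers are constructed sample data; the 1380 value, the ports and the helper names are assumptions for illustration, and `send_limits` ignores the sender's own MTU.

```python
import struct

DEFAULT_MSS = 536                     # assumed when the peer's SYN has no MSS option
OPT_EOL, OPT_NOP, OPT_MSS = 0, 1, 2   # TCP option kinds

def ethernet_mss(mtu=1500, ip_hdr=20, tcp_hdr=20):
    """Largest TCP payload for a given MTU: 1500 - (20 + 20) = 1460."""
    return mtu - (ip_hdr + tcp_hdr)

def advertised_mss(tcp_header: bytes):
    """Return the MSS announced in a TCP header's options, or None if absent."""
    if len(tcp_header) < 20:
        raise ValueError("truncated TCP header")
    header_len = (tcp_header[12] >> 4) * 4        # data offset, in bytes
    if not 20 <= header_len <= len(tcp_header):
        raise ValueError("bad data offset")
    opts, i = tcp_header[20:header_len], 0
    while i < len(opts):
        kind = opts[i]
        if kind == OPT_EOL:
            break
        if kind == OPT_NOP:                       # single-byte padding option
            i += 1
            continue
        if i + 1 >= len(opts) or opts[i + 1] < 2 or i + opts[i + 1] > len(opts):
            raise ValueError("malformed option")
        if kind == OPT_MSS and opts[i + 1] == 4:
            return struct.unpack("!H", opts[i + 2:i + 4])[0]
        i += opts[i + 1]                          # skip options we do not care about
    return None

def send_limits(syn: bytes, syn_ack: bytes):
    """Each direction is capped by what the receiver of that direction announced."""
    client, server = advertised_mss(syn), advertised_mss(syn_ack)
    return {"client_to_server": DEFAULT_MSS if server is None else server,
            "server_to_client": DEFAULT_MSS if client is None else client}

def build_header(flags: int, options: bytes) -> bytes:
    """Constructed sample data: a TCP header with made-up ports and sequence numbers."""
    offset = (20 + len(options)) // 4
    return struct.pack("!HHIIBBHHH", 50000, 443, 1, 0, offset << 4, flags, 64240, 0, 0) + options

SACK_OK = b"\x01\x01\x04\x02"                     # NOP, NOP, SACK-permitted
SYN = build_header(0x02, b"\x02\x04" + struct.pack("!H", 1460) + SACK_OK)
SYN_ACK = build_header(0x12, SACK_OK + b"\x02\x04" + struct.pack("!H", 1380))

if __name__ == "__main__":
    print(ethernet_mss(), send_limits(SYN, SYN_ACK))
```

In a capture, the same two values appear as the "Maximum segment size" option in the SYN and SYN-ACK, and they do not have to match.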
Asked: 2022-04-20 19:29:57 +0000
Seen: 553 times
Last updated: Apr 21 '22