Ask Your Question
0

Why is the MSS not the same?

asked 2017-12-02 19:13:42 +0000

alexltk gravatar image

updated 2017-12-03 14:20:13 +0000

So I was having an issue with packet loss accessing an app via telnet. So, I captured from the host (site A) and from the firewall close to the server (site B). The firewall can run tcpdump.

On the host, the 3-way HS the SYN from the host has the mss set to 1460 and the SYN,ACK from the server the mss is set to 1398.

On the firewall (close to the server), the SYN from the host has the mss set to 1400 and the SYN,ACK from the server the mss is set to 1460.

Both of these captures were taking in different locations, but at the same time. Shouldn't the 3-way HS show the same results on both ends if both were used to capture the same telnet session?

edit retag flag offensive close merge delete

1 Answer

Sort by ยป oldest newest most voted
0

answered 2017-12-02 19:34:02 +0000

updated 2017-12-02 19:39:04 +0000

It is not so uncommon. It seems that your Firewall does do some kind of MSS adjustment:

Here are some interesting links about this topic:

Maybe there is some kind of tunnel (VPN) in your Path.

edit flag offensive delete link more

Comments

Thanks for the links.

Yes, both sites are connected via site-to-site VPN.

I was able to fix the telnet problem by changing the MTU size on the firewall where the host is located. No packets have been lost since.

alexltk gravatar imagealexltk ( 2017-12-02 19:49:07 +0000 )edit

I have converted your answer to a comment, as it is more a comment

Christian_R gravatar imageChristian_R ( 2017-12-02 20:29:46 +0000 )edit

So do you still have any problems? What have changed at the MTU size?

Christian_R gravatar imageChristian_R ( 2017-12-02 20:47:26 +0000 )edit

All is good. I set the MTU setting from manual to 1438 (1410 + 28)

alexltk gravatar imagealexltk ( 2017-12-02 22:00:26 +0000 )edit

Is your question answered now or do you still have the question?

Christian_R gravatar imageChristian_R ( 2017-12-02 23:44:17 +0000 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

Stats

Asked: 2017-12-02 19:13:42 +0000

Seen: 52 times

Last updated: Dec 03