MTU size on SYN packets

PeterUK · May 2021

tonygibbs16 said:

But in this scenario, does the client know that the USG has changed the MSS in the client's SYN ?

Thats beauty of this the client does not need to know as the remote end will just send smaller packets to the client and the client will happily accept them.

In other words when the client sends the SYN with MSS 1460 it only thinks it can receive them size packets so making it lower is fine.

tonygibbs16 · May 2021

Hello @PeterUK

I wonder if I have just had a lightbulb moment, after looking at https://www.imperva.com/blog/mtu-mss-explained/ ...

In the scenario you say, when the client's MSS is modified in the client's SYN packet by the USG, are you saying that that will change the size of the segments sent by the remote end towards the client?
- because the MSS in the client's SYN is saying what is the Maximum Segment Size (MSS) the client will accept in reception, and not the size of segments it will send.

Similarly, if the remote end's MSS is modified in the ACK, are you saying that that will change the size of the segments sent by the client?
- because the MSS in the remote end's ACK is saying what is the Maximum Segment Size (MSS) the remote end will accept in reception.

Have I got it now?

Kind regards,
Tony

PeterUK · May 2021

tonygibbs16 said:
Have I got it now?

Yes

and I tested that O2 for My 4G changes the MSS after the dongle to my server

PeterUK · August 2021

and with this setup by not change the MSS
MTU size on SYN packets — Zyxel Community
you can't get to 123.hp.com the server tries to push 1460MSS the USG sends a ICMP saying too big and the server keeps on trying without sending packets smaller.

This is a problem.
https://us.v-cdn.net/6029482/uploads/editor/sl/9bpiwlcmzhig.png

MTU size on SYN packets

Comments

Categories

Security Help Center