Wireshark · Wireshark-users: Re: [Wireshark-users] MSS=1262

Wireshark-users: Re: [Wireshark-users] MSS=1262

From: Sake Blok <sake@xxxxxxxxxx>

Date: Tue, 14 Dec 2010 10:15:18 +0100

On 14 dec 2010, at 09:23, vincent paul wrote:

Is there any rationale ( security "protocol" or something...) to use MSS= 1212, 1260 or 1262?

Using a lower MSS happens when a link in the path has a smaller MTU than 1500. This can be a physical link or can be a virtual link which causes encapsulation (GRE, IPsec, MPLS, etc). The initial MSS in the SYN packet is then lowered by intermediate devices so that fragmentation at the IP layer is not needed along the way. A system might also configure a lower MTU size itself to prevent fragmentation along the way. This can be useful if the routers along the path do not change the MSS in the SYN packets.

The values 1212, 1260 and 1262 do seem low to me and would suggest either a link with a very low MTU or many encapsulations. Or fragmentation-paranoia on the side of the system administrator :-)

Cheers,

Sake

PS Please do not create a new topic by responding to another message, this messes up threading in mailreaders that support threads and might make your message go unnoticed.

References:
- [Wireshark-users] A way to see how many diffrent files are acessed using SMB/CIFS
  - From: Hime Marko
- Re: [Wireshark-users] A way to see how many diffrent files are acessed using SMB/CIFS
  - From: Martin Visser
- [Wireshark-users] MSS=1262
  - From: vincent paul

Prev by Date: [Wireshark-users] MSS=1262
Next by Date: Re: [Wireshark-users] Wireshark Crash--Error:lua5.1.dll Offset:0000c572
Previous by thread: [Wireshark-users] MSS=1262
Next by thread: Re: [Wireshark-users] MSS=1262
Index(es):
- Date
- Thread