First time here? Check out the FAQ!
THIS IS A TEST INSTANCE. Feel free to ask and answer questions, but take care to avoid triggering too many notifications.
Ask Your Question
0

Why is the MSS not the same?

So I was having an issue with packet loss accessing an app via telnet. So, I captured from the host (site A) and from the firewall close to the server (site B). The firewall can run tcpdump.

On the host, the 3-way HS the SYN from the host has the mss set to 1460 and the SYN,ACK from the server the mss is set to 1398.

On the firewall (close to the server), the SYN from the host has the mss set to 1400 and the SYN,ACK from the server the mss is set to 1460.

Both of these captures were taking in different locations, but at the same time. Shouldn't the 3-way HS show the same results on both ends if both were used to capture the same telnet session?

alexltk's avatar
1
alexltk
asked 2017-12-02 19:13:42 +0000
Christian_R's avatar
2.1k
Christian_R
updated 2017-12-03 14:20:13 +0000
edit flag offensive 0 remove flag close merge delete

Comments

add a comment see more comments

1 Answer

0

It is not so uncommon. It seems that your Firewall does do some kind of MSS adjustment:

Here are some interesting links about this topic:

Maybe there is some kind of tunnel (VPN) in your Path.

Christian_R's avatar
2.1k
Christian_R
answered 2017-12-02 19:34:02 +0000, updated 2017-12-02 19:39:04 +0000
edit flag offensive 0 remove flag delete link
more

Comments

Thanks for the links.

Yes, both sites are connected via site-to-site VPN.

I was able to fix the telnet problem by changing the MTU size on the firewall where the host is located. No packets have been lost since.

alexltk's avatar alexltk (2017-12-02 19:49:07 +0000) edit
more
  • delete

I have converted your answer to a comment, as it is more a comment

Christian_R's avatar Christian_R (2017-12-02 20:29:46 +0000) edit
more
  • delete

So do you still have any problems? What have changed at the MTU size?

Christian_R's avatar Christian_R (2017-12-02 20:47:26 +0000) edit
more
  • delete

All is good. I set the MTU setting from manual to 1438 (1410 + 28)

alexltk's avatar alexltk (2017-12-02 22:00:26 +0000) edit
more
  • delete

Is your question answered now or do you still have the question?

Christian_R's avatar Christian_R (2017-12-02 23:44:17 +0000) edit
more
  • delete
add a comment see more comments

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account. This space is reserved only for answers. If you would like to engage in a discussion, please instead post a comment under the question or an answer that you would like to discuss.

Add Answer