[Shorewall-users] Way OT: MSS/MTU question.

chris ck2 at softhome.net
Tue Dec 16 15:30:57 PST 2003

>>Well, from what I remember, the MSS value isn't determined by YOU,
>>set by the RECEIVER of the segment.  Therefore, it's possible that 
>>during the establishment of the connections you showed, the receivers
>>set the MSS to 40.
>Not really. Packet sniffing helped by some backing of some RFCs.
>Mainly 732 and now replaced by RFC 1122. In the initial TCP start or
>circuit setup sequence, each system knows its MTU value and sends its
>max MSS value -40 bytes for the IP and TCP headers. (these are the
>minimum values) In actuality IP packets have a 20 byte header, with a
>maximum of 60 bytes being used for data. TCP segments have same type of
>value sizes. And although RFC 1122 states that TCP implementations
>must set aside 40 bytes of data when a segment is created, this isn't
>always enough. (by the way I'm taking some of this info from a book as
>well called "Internet Core Protocols" The definitive guide. O'Reilly
Ok...checked the RFC.  The MSS is determined by whichever host has the 
'smaller' of the two advertised MSS options.
Also didn't know that the MSS option is only used if the host sending is 
using some value other than the DEFAULT value of 536 and if the option 
is NOT sent, the receiver ASSUMES an MSS value of 536.

In any case, is this leading to an answer to the original question?
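
Added example, not part of the original thread: a Python sketch of the RFC 1122 behaviour discussed above, reading the MSS option out of a SYN's TCP header, falling back to 536 when the option is absent, and capping the result at the local MTU minus 40. The function names (`build_syn`, `advertised_mss`, `effective_send_mss`) are hypothetical, the SYN bytes are constructed rather than captured, and the calculation assumes data segments carry no IP or TCP options.

```python
import struct

DEFAULT_MSS = 536          # RFC 1122: assumed when the SYN carries no MSS option
IP_TCP_HEADERS = 40        # 20-byte IP header + 20-byte TCP header, no options

def build_syn(mss=None, extra_opts=b""):
    """Construct a sample TCP SYN header (constructed data, not a capture)."""
    opts = extra_opts
    if mss is not None:
        opts += struct.pack("!BBH", 2, 4, mss)   # kind=2 (MSS), length=4
    opts += b"\x01" * (-len(opts) % 4)           # NOP-pad to a 32-bit boundary
    data_offset = (20 + len(opts)) // 4          # header length in 32-bit words
    return struct.pack("!HHIIBBHHH", 40000, 80, 1, 0,
                       data_offset << 4, 0x02, 65535, 0, 0) + opts

def advertised_mss(tcp_header):
    """Return the MSS option value from a TCP header, or None if absent/malformed."""
    if len(tcp_header) < 20:
        return None
    hdr_len = (tcp_header[12] >> 4) * 4
    if hdr_len < 20 or hdr_len > len(tcp_header):
        return None
    opts = tcp_header[20:hdr_len]
    i = 0
    while i < len(opts):
        kind = opts[i]
        if kind == 0:            # End of Option List
            break
        if kind == 1:            # NOP is a single byte with no length field
            i += 1
            continue
        if i + 1 >= len(opts):
            return None
        length = opts[i + 1]
        if length < 2 or i + length > len(opts):
            return None          # bad length: stop instead of looping or overrunning
        if kind == 2 and length == 4:
            return struct.unpack("!H", opts[i + 2:i + 4])[0]
        i += length
    return None

def effective_send_mss(peer_syn, local_mtu):
    """Largest segment we may send: min(peer's MSS or 536, our MTU - 40)."""
    peer = advertised_mss(peer_syn)
    if peer is None:
        peer = DEFAULT_MSS
    return min(peer, local_mtu - IP_TCP_HEADERS)
```

Each direction is computed separately from the other side's SYN, so a firewall that rewrites the MSS option in transit changes what `advertised_mss` returns for the receiving host.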

