The client NIC is set to MTU of 4000 and supposedly the switches along the paths. The SYN is showing a 1380 MSS instead of 3960. What is the cause?
asked 13 Jul '12, 02:52
converted 13 Jul '12, 05:01
There are several possibilities why the MSS is different than the MTU. Please check the items below and provide some more details about your environment.
answered 13 Jul '12, 16:35
Kurt Knochner ♦
edited 13 Jul '12, 16:42
I assume you made the capture on the server or very close to the server. The MSS value in the TCP options of a SYN or SYN/ACK packet can be altered by network devices in between the client and the server.
One reason to do this is when a VPN device tunnels TCP traffic, it will lower the MSS value to make sure there is no need to fragment the packet after the packet is encapsulated.
Cisco FWSM and ACE modules do lower the MSS by default to 1380, but you can change this by the following settings:
answered 18 Jul '12, 02:02