What is the difference between The capture shows some TCP packets encapsulating 1434 Bytes:
But the TCP layer analysis displays the same TCP packets with
I think that this TCP segment is encapsulating 1448 Bytes. 1448B plus 32B of TCP header (some TCP options are enabled) plus 20B of IP Header = 1500 Bytes as it is displayed in the analysis of the IP layer. So i have a question related to this one about But what happens if server announces MSS < 1452? LAN clients will receive MSS = 1452 from the server so only asked 11 May '14, 08:11  Miguelbc |
One Answer:
MSS clamping should only modifiy the MSS option in SYN flagged packets if the advertized MSS in the SYN packet is greater than the MSS of the local segment. E.g. if an external server announces an MSS of 1300 then it should just pass through unchanged if you MSS is 1452. That way the client knows that the server can only deal with segments up to 1300 bytes and everything should be fine. answered 11 May '14, 09:28  Jasper ♦♦ |
So i should check the iptables rule for MSS clamping in my router because its not working properly. By the way what is the difference between tcp.len and data.len filters?
not sure abou the tcp.len and data.len, as I have no trace that shows this. The ones I checked have the same tcp.len and data.len. I guess your example was created using frame slicing (meaning, you didn't capture the full packet), because it says in your screen shot "not all data available"). Maybe this is the reason why tcp.len and data.len differ.