This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

MTU size causing issue

0

Hi guys, I have two capture files, one is when the PC has an MTU of 1300, and the other when I have an MTU of 1500.

There are 2 servers, when accessing via https/rdp it does not work when the MTU is 1500 on the local pc - the page just shows blank white.

But when 1300 MTU is set locally, the page loads correctly. Looking at the capture, seems like a lot of retransmissions and resets are happening even when its working correctly. any ideas on what this is?? no changes are are made to the servers, just the local PC.

captures: http://kdn.co.nz/ftpaccess/mtuof1500.pcapng http://kdn.co.nz/ftpaccess/mtuof1300.pcapng

asked 31 Jul '14, 17:50

Flamer's gravatar image

Flamer
11113
accept rate: 0%

edited 03 Aug '14, 15:20

it's not possible to download those file, at least nothing happens on my system. Please use a different file hoster.

(01 Aug '14, 00:17) Kurt Knochner ♦

apologies about that, updated links!

(03 Aug '14, 15:21) Flamer

One Answer:

0

I'm sorry, but the file mtuof1500.pcapng does not contain enough data to figure out what's going wrong.

Furthermore, you would need a capture taken at the client side and at the server side in parallel to identify any MTU related problems, which are quite common with VPNs.

Regards
Kurt

answered 04 Aug '14, 02:12

Kurt%20Knochner's gravatar image

Kurt Knochner ♦
24.8k1039237
accept rate: 15%

thanks for the reply Kurt. The 1500 capture is actually the whole ssl transaction. I started the capture then tried to load the page, waited a few seconds after it failed to load then stopped the capture. I don't think there is anything more the client can give. However I don't have access to the server to run wireshark on it. I suspect the server may have an issue, because even the 1300 capture looks rather strange doesnt it?

(04 Aug '14, 16:33) Flamer

The 1500 capture is actually the whole ssl transactio

O.K. then I need more information about your setup, because there is only one re-transmission and then the capture file ends. That does not explain what you are describing. BTW: The largest frame in mtuof1500.pcapng is 1286 bytes, so I don't see any relation to the MTU of 1500. Looks like the problem (which is not visible in the capture file!) is caused by something else and it is not related to the MTU size.

Please add the following details:

  • is your VPN a site-2-site VPN (VPN gateways) or a client-2-site (VPN software on one side)
  • what kind of VPN is this (IPSEC, SSL, OpenVPN, etc.) and what is the vpn software
  • where did you change the MTU
  • is there any security software on one of the involved systems, like AV, Firewall, Endpoint Security? That could cause problems as well, although I don't see any relation to the MTU size.
  • what happens if you change the MTU size to 1480 and 1450?
(04 Aug '14, 23:01) Kurt Knochner ♦