openssh unix dev - Jun 2015 - [Q] TCP segment sent is larger than peers advertised MSS

Hello,

I am in the process of troubleshooting another problem and noticed a 
rather strange behavior with the openssh client. A client (OpenSSH 5.3) 
and a server (6.7p1) do the TCP handshake, the client announces a MSS of 
1460 (its MTU is 1500), while the server announces a MSS of 1260 (its 
MTU is set to 1300). What troubles me is, that the client is sending the 
server a frame of 2034 bytes (TCP segment length of 1968, during the 
"Client: Key Exchange Init"). Why is it that the client seems to
ignore
the servers MSS?

Thanks for your input


     tom

Hi,

On Fri, Jun 26, 2015 at 02:44:30PM +0200, Thomas Portmann
wrote:
> Why is it that the client seems to ignore the servers MSS?
TCP segmentation offloading in your network card.

So tcpdump is lying to you if you want to know "what packets are really
travelling over the wire".

gert
-- 
USENET is *not* the non-clickable part of WWW!
                                                           //www.muc.de/~gert/
Gert Doering - Munich, Germany                             gert at
greenie.muc.de
fax: +49-89-35655025                        gert at
net.informatik.tu-muenchen.de

On 06/26/2015 05:10 PM, Gert Doering wrote:
> On Fri, Jun 26, 2015 at 02:44:30PM +0200, Thomas Portmann wrote:
Hello Gert and all,
>> Why is it that the client seems to ignore the servers MSS?
> TCP segmentation offloading in your network card.
>
> So tcpdump is lying to you if you want to know "what packets are
really
> travelling over the wire".
It turns out Gert was right (and I didn't even know TCP segmentation 
offloading exists)... but the mean thing is, even doing port mirroring 
to another computer, TCP segement reassembly happened on the monitoring 
computer in the NIC, so in wireshark I just saw one large frame, until I 
changed the NIC!

So, thank you Greg for your hint and Flavien for your response

Regards


     tom