MTU & MSS Calculator

Calculate the Maximum Segment Size (MSS) and effective MTU by accounting for encapsulation overheads. Essential for troubleshooting "black hole" connections and fragmentation issues.

Standard Ethernet is 1500. Jumbo frames are typically 9000+.

Encapsulation Overheads

Select the protocols used in your path:

Calculation Results

Effective MTU
1460
TCP MSS
1420

Overhead Breakdown

Total Tunnel Overhead 0B
Pro Tip: Based on AWS Best Practices, if using AES-GCM, the recommended MTU is 1446 and MSS is 1406.

Understanding MTU vs. MSS

The Maximum Transmission Unit (MTU) is the size of the largest protocol data unit (PDU) that can be communicated in a single network layer transaction. For Ethernet, this is typically 1500 bytes.

The Maximum Segment Size (MSS) is a parameter of the TCP protocol that specifies the largest amount of data, specified in octets, that a computer or communications device can handle in a single, unfragmented piece.

IPsec Overhead Calculation

IPsec overhead varies significantly depending on the encryption and hashing algorithms. Modern algorithms like AES-GCM are more efficient because they combine encryption and integrity into a single pass, resulting in less overhead (approx. 54 bytes) compared to older AES-CBC with SHA-512 combinations (up to 94 bytes when NAT-T is enabled).

Why does this matter?

If a packet is larger than a link's MTU, it must be fragmented or dropped. In modern networks, Path MTU Discovery (PMTUD) is supposed to handle this, but firewalls often block the necessary ICMP "Fragmentation Needed" messages, leading to "TCP Black Holes" where small packets (like SYN) pass, but larger data packets are silently dropped.