Segmentist - Maximum Segment Size Test
This is a test site to check whether a given HTTP(S) service appears to respect
Maximum Segment Size (MSS) restrictions.
Currently out of service, until I find time to port this tool to aya or libbpf-rs. (This message means that the input below doesn't work)
Warning: This tool is currently in early alpha state. There are still missing
features, and incorrect results may appear. Help is appreciated!
What's MSS?
MSS is the maximum
size a data packet can have in a TCP segment. A TCP segment is the payload contained
within TCP, i.e. the packet size without OSI layer 2/3/4
headers.
MSS can be advertised by hosts during the TCP handshake and is often 1460 bytes, because the
maximum size of an IP data-packet is often 1500 bytes, and the IPv4 and TCP headers are
~40 bytes long, though this can vary depending on options.
About this tool
This tool (source on GitHub) allows you to test a
certain server, identified by an URL, to check whether
that host appears to honor the MSS advertised by a system. To do this, this tool advertises
a fake MSS of 1000 bytes, even though the underlying network is capable of handling
larger packets. We analyze raw network packets to check their sizes and then infer whether
a host appears to honor the 1000 byte limit. 1000 bytes is much lower than what a usual
network can handle, but it's also not unreasonably small.
Limitations
- Only HTTP and HTTPS protocols are supported. Custom ports are supported.
No certificate verification is performed.
- Only IPv4 is supported at this time. IPv6 support is on the roadmap, but its
a non-trivial amount of effort.
- Error messages are fairly basic, much like the entire tool.
- Fragmented IP packets can cause issues, if the fragmented packets are
larger than the initial fragmented packet. This is due to a parser problem.
- If the HTTP(S) data exchange is too small, the tool may result inaccurate results,
because the target never had a reason to send large packets. It is preferable to
point this tool to URLs responding with at least 1KB of data.