Mac OSX – Testing Packet Fragmentation Over VPN

KB ID 0001204 

Problem

Many moons ago I wrote a post about a problem where I had no RDP over a VPN connection, and all the hoops I jumped though to troubleshoot and fix the problem.

Today I had a similar problem, I was connected to a client via Cisco AnyConnect, and I had hair-pinned that traffic, from the client site, over an IPSEC VPN to their servers in the Data Center. Pings were successful, but not RDP. 

To be honest this affects various types of TCP traffic, but it only ever seems to trip me up with RDP! In the past I used to ping and set the traffic to ‘not fragment’ and manually set the packet size, then I increased/decreased the packet size until I found the optimal MTU size like this;

But these are Windows options, how can I do the same thing on my Mac?

Solution

Well things on the Mac are even easier! It will even find the value for you, (in a manner of sorts). You set the minimum packet size, and the maximum packet size, and ask it to increment each ping packet by one. Below I’ve narrowed the scope to fit it on one screenshot;

Syntax;

ping -g {lowest-value} -G {highest-value} -h 1 -D {IP-address}

As you can see above, I started at 1370 and the last ‘working’ ping was sequence 8, so the last working value was 1386

Related Articles, References, Credits, or External Links

NA

3 thoughts on “Mac OSX – Testing Packet Fragmentation Over VPN

  1. This is excellent. I’m trying to figure out how I can do this programmatically to find where the fragmentation occurs. In order to do that I have to use a switch in the ping command to stop the pings after a certain number of attempts. The “-c x” doesn’t seem to work.

  2. I’m confused. You have 9 sequences that returned a ping? And the 9th was 1386 bytes, not 1378 as your post says? Am I missing something?

Leave a Reply

Your email address will not be published. Required fields are marked *