ToolPatch

One page. One job. Done.

← Back to all tools
Network

MTU MSS Calculator

Calculate effective payload and TCP MSS from MTU and tunnel overhead.

Formula reviewed: 2026-02-14 Network

MTU MSS Calculator estimates TCP Maximum Segment Size from link MTU and protocol overhead. MTU is the largest packet size a link can carry without fragmentation, while MSS is the largest TCP payload segment after subtracting IP and TCP headers. Encapsulation layers such as PPPoE, VPN tunnels, GRE, VXLAN, or IPsec consume additional bytes, reducing the payload that fits inside the same physical frame. If MSS is too high, packets may fragment or fail when path MTU discovery is blocked; if it is too low, throughput can suffer from unnecessary overhead. This tool is useful for diagnosing tunnel performance, intermittent web failures, and TCP clamping settings, but live paths should be verified with packet captures or network tests.

Permalink

Input Pattern

Enter values in the left panel, keep units explicit, run the calculation, then copy or share the result. Invalid fields are highlighted immediately.

How to use this tool

  1. Enter MTU, IP version, Transport, Tunnel for the mtu mss calculator, keeping units, dates, or text format consistent with the form labels.
  2. Confirm address formats, masks, ports, or hostnames match the network environment you are checking.
  3. Click "Run the tool" and review MTU/MSS Inputs, Result for the primary output.
  4. Compare the output with device, provider, or DNS authority settings before applying a live network change.

MTU/MSS Inputs

Result

IP header: 20 bytes

Transport header: 20 bytes

Tunnel overhead: 0 bytes

Max payload: 1460 bytes

TCP MSS: 1460 bytes

MTU, MSS, and Packet Sizing

Frames, Packets, and Segments

Maximum Transmission Unit, or MTU, is the largest packet payload a network link can carry without fragmentation at that layer. On common Ethernet networks, the IP MTU is often 1500 bytes. Maximum Segment Size, or MSS, is a TCP concept: it is the largest TCP payload that fits after IP and TCP headers are accounted for.

For IPv4 with no options, a 1500-byte MTU usually means an MSS of 1460 bytes because the IP header is 20 bytes and the TCP header is 20 bytes. IPv6 has a larger base header, so equivalent calculations differ. Encapsulation, tunnels, and options reduce the available payload further.

Fragmentation and Path MTU

When a packet is too large for a link, it may be fragmented or dropped depending on protocol and flags. Fragmentation adds overhead and can hurt performance. If fragments are lost or blocked, connections may stall in confusing ways. IPv6 routers do not fragment packets in transit; hosts are expected to discover a suitable path MTU.

Path MTU is the smallest MTU along the route between endpoints. A local interface may support 1500 bytes, but a VPN, PPPoE link, GRE tunnel, or cloud overlay may lower the effective path size. Applications feel the path limit, not just the local link setting.

MSS Clamping

MSS clamping adjusts the MSS value advertised during TCP connection setup so endpoints send segments that fit the path. It is commonly used on routers and firewalls at tunnel boundaries. Done correctly, it prevents oversized TCP packets without relying on fragmentation.

MSS clamping helps TCP, but it does not fix every protocol. UDP applications, ICMP filtering, nested tunnels, and nonstandard headers can still create packet-size issues. Troubleshooting often requires testing with controlled packet sizes and the do-not-fragment behavior where applicable.

Operational Symptoms

MTU problems often look strange: small requests work, large transfers hang, some websites load partially, VPN connections authenticate but file transfers fail, or TLS handshakes stall. Because routing and firewall rules may appear correct, packet sizing can be overlooked.

A good network design accounts for encapsulation overhead before deployment. A good troubleshooting path checks interface MTU, tunnel overhead, path MTU discovery, ICMP filtering, TCP MSS, and application behavior. The numbers are byte-level details, but the user impact can be very visible.

Formula or method

Worked example

VPN tunnel MSS check

Result: The safe TCP MSS is lower than the usual 1460-byte Ethernet MSS because tunnel overhead consumes part of the packet budget.

If large transfers hang through the tunnel, compare this value with router/firewall MSS clamping and path MTU discovery behavior.

How to interpret the result

Common mistakes

Formula References

Assumptions

Review note and limitations

Method - header-overhead subtraction for MTU, MSS, and selected tunnel encapsulation assumptions.

FAQ

What is the difference between MTU and MSS?

MTU is the maximum packet size for a link or path, while MSS is the largest TCP payload after IP and TCP headers are subtracted.

Why does a VPN reduce MSS?

VPN encapsulation adds headers. Those extra bytes leave less room for the original packet payload inside the same path MTU.

How do I verify an MTU or MSS fix?

Check device configuration, use controlled packet-size tests, review packet captures, and retest the application traffic that previously failed.

Explore more versions

Tailored guides for specific audiences, regions, and scenarios.

Related tools and workflows