What is the difference between the MSS and MTU?


The MTU is the maximum IP packet size for a given link. Packets larger than the MTU are fragmented at the point where the lower MTU is found and reassembled further down the chain.

MSS is the Maximum TCP Segment Size. Unlike with the MTU, packets greater than the MSS aren't fragmented; they're simply discarded. The MSS is usually decided in the TCP three-way handshake; however, some setups might yield a path where the decided-upon MSS is still too big, leading to dropped packets. The MSS isn't negotiated packet by packet but for a complete TCP session, nor does it take into account the TCP/IP headers.

The IP stack will chop off data to be sent up to the MSS, put it in a TCP segment, then put it in one or more IP packets (depending on whether it's bigger than the local MTU setting) before sending it. Intermediate routers could chop it down further if they have a lower MTU; however, they only affect the IP packet itself, not the TCP segment/header.
E.g., when you use PPPoE, all the overhead means you need to reduce the MSS on the way, normally by specifying it on the router where the chokepoint is found, which will then replace the MSS of passing three-way handshakes with the correct lower value if it's higher. PPPoE just adds 8 bytes (6 bytes PPPoE + 2 bytes PPP) on top of everything (IP+TCP) and is intended to be run over Ethernet at 1500 bytes MTU, hence the 1492 MSS normally configured to make it go through.
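
The MSS rewrite performed at the chokepoint router, as an added Python example that is not part of the original page: it walks the TCP options of a SYN, lowers the MSS option when it exceeds what the link can carry, and adjusts the TCP checksum incrementally. The function names and the sample segment are constructed for illustration, and the clamp value assumes 20-byte IPv4 and TCP headers without options, so a 1492-byte link MTU leaves 1452 bytes of TCP payload.

```python
import struct

IP_HDR = TCP_HDR = 20   # assumption: IPv4 and TCP headers carry no options

def words(b):
    """Split an even-length byte string into 16-bit big-endian words."""
    return struct.unpack("!%dH" % (len(b) // 2), b)

def fold(s):
    """Fold carries back in (16-bit one's-complement addition)."""
    while s >> 16:
        s = (s & 0xFFFF) + (s >> 16)
    return s

def clamp_syn_mss(tcp, link_mtu):
    """Lower the MSS option of a SYN or SYN-ACK so full segments fit link_mtu.
    Returns (segment, old_mss, new_mss); both are None if no MSS was inspected."""
    seg = bytearray(tcp)
    if len(seg) < 20 or not seg[13] & 0x02:      # MSS is only sent with SYN
        return bytes(seg), None, None
    end = (seg[12] >> 4) * 4                     # data offset = TCP header length
    if end > len(seg):                           # truncated header: leave alone
        return bytes(seg), None, None
    limit = link_mtu - IP_HDR - TCP_HDR          # MSS excludes both headers
    i = 20
    while i + 1 < end and seg[i] != 0:           # kind 0 ends the option list
        if seg[i] == 1:                          # kind 1 is a one-byte NOP
            i += 1
            continue
        length = seg[i + 1]
        if length < 2 or i + length > end:       # malformed option: stop parsing
            break
        if seg[i] == 2 and length == 4:          # kind 2 is the MSS option
            old = struct.unpack_from("!H", seg, i + 2)[0]
            new = min(old, limit)
            if new < old:
                a = (i + 2) & ~1                 # 16-bit aligned window over the value
                b = a + (2 if a == i + 2 else 4)
                before = words(bytes(seg[a:b]))
                struct.pack_into("!H", seg, i + 2, new)
                # RFC 1624 incremental checksum update: HC' = ~(~HC + ~m + m')
                csum = struct.unpack_from("!H", seg, 16)[0]
                s = (~csum & 0xFFFF) + sum(~w & 0xFFFF for w in before) + sum(words(bytes(seg[a:b])))
                struct.pack_into("!H", seg, 16, ~fold(s) & 0xFFFF)
            return bytes(seg), old, new
        i += length
    return bytes(seg), None, None

# Constructed SYN (40000 -> 443) with options MSS=1460, NOP, window scale 7;
# the checksum 0x1234 is a placeholder, only its adjustment is demonstrated.
SAMPLE_SYN = struct.pack("!HHIIBBHHH", 40000, 443, 1, 0, 7 << 4, 0x02, 64240,
                         0x1234, 0) + bytes([2, 4, 0x05, 0xB4, 1, 3, 3, 7])
```

Calling `clamp_syn_mss(SAMPLE_SYN, 1492)` rewrites the advertised MSS from 1460 to 1452, while a 1500-byte link leaves the segment unchanged.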

If no fragmentation is wanted, you either have to check the MTU at each hop or use a helper protocol for that (PMTUD).
Note that IPv6 does NOT support packet fragmentation by routers, so PMTUD with ICMPv6 is mandatory if you don't want to lose packets somewhere because of a small MTU. Endpoints can fragment, but routers cannot. Also, IPv6 has a higher MINIMUM MTU.