I'm suffering from a really weird problem where I randomly get "The connection to the server was reset" errors when trying to access web pages (HTTP error 12031 according to the Windows network diagnostic tool) – this happens regardless of whether the web page I'm trying to access is on the external internet or even if it's from a local Apache instance running on localhost. It affects all of the computers on our local network (Ethernet, not wireless), all of which are running Windows XP.
It has been suggested to me that it might be to do with the MTU used on network traffic. If I do the Ping Test to find out the largest packet that can go through unfragmented, I can ping the localhost with a package of 1492 bytes (+28 bytes for a header?) and I can ping our router with a package of 1462 bytes (which is 1490 bytes when you include the 28 byte header). If I try and ping something on the outside like Google, I can't get anything through bigger than 1430 (which is 1458 with the header).
I've tried following various sets of instructions to update the Windows XP Registry with this MTU setting, updating HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{AdapterID}\MTU
. I've tried no end of alternative values: the most obvious correct value seems to be 1490, but I've also tried 1462, 1458, 1430, etc., etc. When I reboot the computer to make the change take effect, it seems to work for a few minutes (hard to tell for certain since it's always random rather than consistent) but it never lasts long.
Initially, when I was trying 1430 as a value, after a few minutes of working fine, the results of the Ping Test would decrease by 28 bytes – suddenly I'd find that I could only get a package of 1402 bytes through to Google. If I updated the MTU registry setting to 1402, when I rebooted and waited a few minutes, it'd then be 1374, then 1346, etc. etc. Other computers on the network remained unaffected (still at 1430) and removing the MTU setting from the registry would restore things to normal (and still broken).
The thing that I find the hardest about diagnosing all this is that it's very hard to tell if I'm even playing with the correct registry setting. So at it's simplest, my question would be: How can I tell what MTU setting Windows is trying to use?
Also, if anybody has any ideas how to tell why the MTU keeps dropping by 28, that would be useful too (e.g. is there a Windows log file somewhere where it will log something at the point where the value changes?)
Finally, if anybody can tell me definitively how to tell what MTU setting I should be trying to use, that would be great!
Best Answer
For Windows 7, Windows Vista and Windows XP, the MTU for various interfaces is available from Windows itself using
netsh
.Windows 7, Windows Vista
To show current MTU on Windows 7 or Windows Vista, from a command prompt:
And for IPv4 interfaces:
Note: In this example my Local Area Connection IPv6 interface has such a low MTU (1280) because i'm using a tunnel service to get IPv6 connectivity.
You can also change your MTU (Windows 7, Windows Vista). From an elevated command prompt:
Tested with Windows 7 Service Pack 1
Windows XP
The
netsh
syntax for Windows XP is slightly different:Note: Windows XP requires that the Routing and Remote Access service be started before you can see details about an interface (including MTU):
Windows XP does not provide a way to change the MTU setting from within
netsh
. For that you can:Tested with Windows XP Service Pack 3
See also
Short discussion on what MTU is, where the 28 bytes is coming from.
Your network card (Ethernet) has a maximum packet size of
1,500 bytes
:The IP portion of TCP/IP requires a 20 byte header (12 bytes of flags, 4 bytes for source IP address, 4 bytes for destination IP address). This leaves less space available in the packet:
Now an ICMP (ping) packet has an 8-byte header (1 byte
type
, 1 bytecode
, 2 bytechecksum
, 4 byte additional data):That's where the "missing" 28 bytes is - it's the size of the headers required to send a ping packet.
When you send a ping packet, you can specify how much extra payload data you'd like to include. In this case, if you include all 1472 bytes:
Then the resulting ethernet packet will be full to the gills. Every last byte of the 1500 byte packet will be filled:
If you try to send one more byte
the network will have to fragment that 1501 byte packet into multiple packets:
This fragmentation will happen behind the scenes, ideally without you knowing.
But you can be mean, and tell the network that the packet is not allowed to be fragmented:
The -f flag means do not fragment. Now when you try to send a packet that doesn't fit on the network you get the error:
The packet needs to be fragmented, but the Do not Fragment flag was set.
If anywhere along the line a packet needed to be fragmented, the network actually sends an ICMP packet telling you that a fragmentation happened. Your machine gets this ICMP packet, is told what the largest size was, and is supposed to stop sending packets too big. Unfortunately most firewalls block these "Path MTU discovery" ICMP packets, so your machine never realizes the packets are being fragmented (or worse: dropped because they couldn't be fragmented).
That's what causes web-server to not work. You can get the initial small (<1280 byte) responses, but larger packets can't get through. And the web-server's firewalls are misconfigured, blocking ICMP packets. So the web-server doesn't realize you never got the packet.
Fragmentation of packets is not allowed in IPv6, everyone is required to (correctly) allow ICMP mtu discovery packets.