====== Ping ======

===== Ping without Framenting =====

Data from Palo Alto Networks [[https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000PN0gCAG|here]].

-f will mean that the ping is only sent if it isn't fragmented.

-l sets the size of the packet
<code>ping -f 10.1.1.1 -l 1472</code>

The reason to chose 1472 Bytes as the size for the first test is because the complete packet will then be 1500 Bytes.

Complete Packet = 20B(IP Header) + 8B(ICMP Header) + 1472B(Payload) = 1500 Bytes. 

Divide and conquer method has been used to find the Max value where the ping succeeds.
 
Based on the above test outputs it can be seen that the ping works when size is 1372 Bytes and fails when it is 1373 Bytes. 

This means only a 1400 Bytes packet will be able to reach the server and back without getting fragmented.

1372 Bytes + ICMP header 8 Bytes + IP header 20 Bytes = 1400 Bytes. 

To determine the Optimal MSS that can be used, take the result of the above test which is 1400 Bytes and subtract the potential TCP header and IP header value. 

1400 Bytes - (IP header 20 Bytes + TCP header 20 Bytes) = 1360 Bytes. 

So the Optimal MSS that can be used is 1360 Bytes. 

On PA firewall to adjust the MSS value to 1360 Bytes, the Adjustment size has to be configured as 140 Bytes.

1500 - 1360 = 140 Bytes

===== Windows Show MTU =====
Show MTU on Windows. It is in the left column
<code>netsh interface ipv4 show subinterface</code>