Encapsulation Header

MagikMark · Post by **MagikMark** » Thu Jul 09, 2020 4:59 am

Hi Philip!

D you happen to know the header size for:

Http Proxy

Stealth Proxy

Anonymous Proxy

Doing some experiment using AnyConnect Coupled with Proxy

Thanks

Post by **Philip** » Thu Jul 09, 2020 8:37 am

Not sure, but as far as packet sizes and payloads, they shouldn't be any different than standard VPN packets.

Proxies/HTTP operate at the application layer of the TCP/IP networking model, while TCP/IP packet headers are in the transport/networking layers. Same TCP/IP packets with their 40-byte headers (plus VPN tunneling overhead, if applicable) should carry proxy traffic the same as any other HTTP traffic.

MagikMark · Post by **MagikMark** » Sat Jul 11, 2020 1:40 am

Do you happen to have any experience on the impact of:

"netsh interface ipv4 set subinterface"

on the Tap Adapter? This would effectively change the MTU of the adapter

Care to share?

Thanks again

Post by **Philip** » Sun Jul 12, 2020 2:23 pm

You can always try and test, not sure exactly for your situation. After it is changed, you can do a ping -f test to see if packets get fragmented or not.
If it does change the MTU, it will have significant performance impact. It must be small enough to allow for any tunnel headers in addition to the standard 40-byte TCP/IP headers, typical VPN packets being around 1400 bytes. If you make them too small then the header overhead becomes too significant, if they are too big to fit the payload they have to be split, which adds processing delays, etc.