Detection, Mitigation & Response

Detect and mitigate DDoS attacks in under 1 second, respond automatically, and keep your users informed.

All features →
1-Second Detection
Know the instant traffic spikes. PPS checked every second.
Attack Classification
Identifies 8 attack types with protocol-level confidence scores.
Node Firewall Rules
Per-server iptables, null-routes, CDN rules & scripts.
Cloud Scrubbing
Auto-divert to Cloudflare, OVH, or Hetzner on attack detection.
BGP Mitigation
Auto-deploy FlowSpec, RTBH blackhole & rate-limiting via BGP.
Multi-Channel Alerts
Discord, Slack, PagerDuty, OpsGenie, SMS, email, webhooks.
IOC Pattern Matching
Identify Mirai, LOIC & botnets via payload-level indicator matching.
PCAP Capture
Full packet capture with AI-powered forensic analysis.
Status Pages
Auto-updated public incident pages for your users.
Real-Time Analytics Dynamic Baselines Threat Intel Multi-Node Maintenance Audit Log
Learn
Documentation Quick Start API Reference Agent Setup DDoS Protection Landscape Free Certifications NEW
Popular Guides
memcached Amplification Dynamic Baselines PCAP Forensics PagerDuty Setup
Company
About Us Partners White Label Referral Program Pay with Crypto System Status
Legal & Support
Contact Us Terms Privacy SLA
Who Uses Flowtriq

From indie hosts to ISPs — see how teams like yours use Flowtriq to detect and stop DDoS attacks.

Talk to Us →
Infrastructure
Hosting Providers ISPs MSPs Small Operators
Gaming
Game Server Hosting Game Studios
Business
SaaS Platforms E-Commerce Financial Services

Free Tool

MTU / MSS Calculator

Calculate the effective Maximum Segment Size (MSS) from your MTU, accounting for IP headers, TCP headers, and various network encapsulations.

Configuration

Additional encapsulation overhead

Overhead Breakdown

1460
Effective TCP MSS (bytes)
1500
Effective MTU
40
Total overhead (bytes)
97.3%
Payload efficiency
1472
Max UDP payload

Common MTU Values

Network TypeMTUNotes
Ethernet1500Standard for most networks
Jumbo Frames9000Datacenter / high-throughput LAN
PPPoE (DSL)14928 bytes PPPoE overhead
VPN (IPsec)~1400Varies by cipher suite
GRE Tunnel147624 bytes GRE overhead
VXLAN144654 bytes VXLAN overhead
IPv4 Minimum576RFC 791 minimum
IPv6 Minimum1280RFC 8200 minimum

Understanding MTU and MSS

The Maximum Transmission Unit (MTU) is the largest packet size that can be sent over a network link without fragmentation. The Maximum Segment Size (MSS) is the largest amount of data in a single TCP segment -- calculated as MTU minus IP header (20 bytes for IPv4, 40 bytes for IPv6) minus TCP header (20 bytes).

For a standard Ethernet connection with 1500-byte MTU: MSS = 1500 - 20 (IP) - 20 (TCP) = 1460 bytes. When encapsulation is added (VPN, VXLAN, GRE), the effective MTU decreases, reducing the MSS further.

Path MTU Discovery (PMTUD)

Path MTU Discovery is the process of determining the maximum packet size that can traverse a network path without fragmentation. It works by sending packets with the "Don't Fragment" (DF) bit set. If a router along the path has a smaller MTU, it sends back an ICMP "Fragmentation Needed" message.

You can test Path MTU on Linux with: ping -M do -s 1472 target.com (1472 + 28 bytes IP/ICMP header = 1500). Decrease the size until pings succeed to find the path MTU. On Windows, use: ping -f -l 1472 target.com.

Misconfigured MTU is a common cause of mysterious connection issues, especially with VPNs and tunnels. If TCP connections hang after the handshake or large packets get dropped, MTU mismatch is often the culprit. Flowtriq's PCAP capture feature can help diagnose these issues by capturing the actual packet sizes traversing your network.

Protect Your Infrastructure with Flowtriq

Deep packet analysis, real-time PPS monitoring, and PCAP capture for your network.

Start Your Free Trial
Export your results