What Is MTU (Maximum Transmission Unit)?

To a programmer or developer, the acronym MTU stands for maximum transmission unit. It's a measurement (typically in bytes) of the largest data packet a device can accept via an internet connection. 

The smaller the MTU, the faster something can move from one place to another. If you're looking for a way to reduce network delays, examining MTUs could be helpful.

But with tight MTU limits comes a greater need for fragmentation. Unfortunately, that introduces a risk of hackers being able to interfere, but you can take steps to protect your organization.

What is MTU?

Think of MTU as a capacity measurement. When you know a device's MTU, you know just how much data (in bytes) you can send without leaning on fragmentation. 

Let's define a few terms:

  • MTU: An MTU is based on the physical properties of the device you're using. It could be something big, like a server. Or it could be something small, like a switch. In most Ethernet networks, 1500 bytes is an internet-standard MTU. But if you're using a different media type, you could have many more bytes to play with. 
  • Packet: What can you measure with an MTU? That number refers to the size of a packet, or a chunk of data you're sending from one place to another. 
  • Fragmentation: You must send a very large piece of data. It will be broken into small pieces and reassembled when it arrives. Each new packet has destination and source information, and it contains reassembly instructions. 

Now, let's put all of these terms to use. 

You're preparing to send a packet that's 1,500 bytes. Your router can accept that load, but the first switch you use can only take 700 bytes at a time. Your packet will be split into three pieces by the router and sent along to the switch. When all three packets arrive, they're reassembled. 

The MTU network comes with plenty of benefits. For example, most consumers expect websites to load in less than two seconds. If that person's device must wait for a large data element (like a big photograph) to arrive and load, impatience can build and build. Fragmentation allows that element to load in pieces as it arrives. 

But fragmentation comes with risks too. And sometimes, the dangers outweigh the benefits. 

When can't you fragment?

While breaking packets up per MTU is handy, hackers can manipulate the functionality. As a result, some programmers aim to limit (or eliminate) the practice. 

For example, hackers can send packets that seem fragmented, and the destination waits for all the pieces to arrive. If the missing pieces never come, the server consumes so many resources by waiting that it eventually breaks. 

As a workaround, some developers put a "Don't Fragment" tag in the header of their packets. If any router, switch, or device can't handle the full size of the packet and wants to fragment it, that option isn't available. The item will drop the packet and send an incomplete message back to the packet's origin. 

In IPv6, the latest version of the Internet Protocol, the "don't fragment" state is the default. You'll need to code around it if you'd like to fragment. 

Dropped packets are a hassle for senders and recipients, and developers are encouraged to do all they can to research their data paths before they send anything. The Path MTU Discovery technique allows developers to send tiny packets with "Don't Fragment" tags along their chosen path. They repeat over and over until they begin to hit warnings about large packet sizes. In this way, they understand the MTU of each item in the path.

Why does MTU matter?

The more you understand basic computing terminology, the better you'll be at defending your company from hackers. MTUs and fragmentation techniques might seem simple. But they are powerful tools for hackers hoping to take down your system if you don’t stay aware and prepared.

Find out more about how Okta can help you protect your network.


MTU Size Issues. (May 2013). Networkworld. 

Vrooom! Why Website Speed Matters. (May 2017) Entrepreneur. 

Fragmenting IPv6. (May 2016). APNIC.