Subject: TCP Problems (Was: RE: Windows packet size?)
To: 'Ignatios Souvatzis' <ignatios@cs.uni-bonn.de>
From: Alex Barclay <alex@vsys.com>
List: tech-kern
Date: 09/22/1997 10:38:29
I initially had this poor view of the micro$haft tcp implementation. I
did some digging on their site and came up with the following.

1) Micro$haft are following one of the RFCs for enhancing TCP
throughput by avoiding fragmentation (hence the DF flag that you see).

2) When a MS box tries to establish a connection it sends its MSS. The
dest box replies with its MSS and MS takes the lower. (As an example -
the box I'm running on here sends an initial MSS of 16K - I'm on token
ring, my NetBSD box (about 20 hops away) replies with an MSS of 1496 (or
thereabouts), MS now uses an MSS of 1496 and sets DF.)

3) Assume we have a ppp link in the way which is using an MTU/MRU of 256
(which is legal providing that it will correctly receive a 1500 byte
packet) then the gateway that has the PPP link should send an ICMP host
unreachable. This ICMP will trigger MS to reduce their MSS.

4) A problem is that quite a few routers will dump the packet but fail
to send the ICMP meaning that the link locks up and eventually fails. MS
do present a strategy that should overcome this.

In all honesty I have far more trouble with the RFC1323. It seems that
many (bonehead) net admins on company firewalls strip all options from a
SYN (except for the original one - which I can't remember) - actually
strip is too nice a phrase, try mangle beyond all recognition or dump
altogether. In NetBSD it's easy to turn off 1323 using sysctl but I
haven't worked this out for Sun yet. Also VJ compression on the PPP link
doesn't help with the 1323 either. We only run low BW*delay NWs so it
hinders more than it helps.

One day when net managers in large companies are actually qualified
beyond the absolute basics these advanced features that the boffins on
the IETF come up with will work but I don't consider that that day is
here yet.

I also consider that it is essential to allow users (or sysadmins on
larger boxes) to toggle these advanced features. NetBSD is pretty good
in this area. As an extension how about specifying it in the routing