Is the tcp "options" header always preserved over switches, routers, & firewalls?

Posted on 2008-10-16
Last Modified: 2013-11-29
I want to make use of the TCP "options" header (see in an application.  Is the tcp "options" header always preserved over switches, routers, & firewalls?
Question by:Juzzam2
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment

Accepted Solution

larsga earned 250 total points
ID: 22743318
Are you asking about putting un-standardised data in the header? If you diverge from the already standardised option types, you risk getting into problems with devices that do more than just simple forwarding of the packets.

A switch or a simple router will not alter or drop the tcp options header. They don't even look at, or care, about what is in this header.

Firewalls / intrusion detection/prevention systems / home broadband routers doing NAT and other more complex network devices might look at this header and drop or alter what is there if they do not understand the contents. Even with well documented tcp option types, there have been many examples of firewalls/NAT etc that got it wrong and caused problems.

See RFC 2780:
"Security analyzers such as firewalls and network intrusion detection monitors often rely on unambiguous interpretations of the fields described in this memo.  As new values for the fields are assigned, existing security analyzers that do not understand the new values may fail, resulting in either loss of connectivity if the analyzer declines to forward the unrecognized traffic, or loss of security if it does forward the traffic and the new values are used as part of an attack."

Featured Post

Flexible connectivity for any environment

The KE6900 series can extend and deploy computers with high definition displays across multiple stations in a variety of applications that suit any environment. Expand computer use to stations across multiple rooms with dynamic access.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
WatchGuard T50 - Internet Priority Based on VLAN or User 1 78
redistribute default route to EIGRP? 2 80
Remote Desktop Support Tools Like "Go to MY PC", etc 10 70
Article by: rfc1180
The Maximum Segment size (MSS) is an important consideration when troubleshooting connectivity via the Internet/Intranet. As the packets are routed via the Internet/Intranet, the packets must traverse through multiple routers in the path between two…
Please see preceding article here: Figure 1 After Root Bridge has been elected, then what?..... Let's start by defining a Root Port in la…
Viewers will learn how to properly install and use Secure Shell (SSH) to work on projects or homework remotely. Download Secure Shell: Follow basic installation instructions: Open Secure Shell and use "Quick Connect" to enter credentials includi…
After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

733 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question