This step builds on the subject of TCP/IP fingerprinting. This check should not be treated as strictly necessary, as not a single proxy server at our disposal at the time of writing failed it, but we still should mention it.
The MTU, standing for maximum transmission unit
, is the total size of a valuable data block in a single packet that can be transmitted by a protocol without fragmentation. When connecting to a server directly, a standard value is assigned to the MTU: e.g., 1500 for Ethernet, or 1480 for PPTP. However, when connecting through proxies using such protocols as PPTP, L2TP (± Ipsec), or IPsec IKE, the original packets are placed inside other packets, which leads to their greater size. To prevent excessive packet fragmentation and maintain a good data transmission speed, the OS decreases the MTU setting of the network interface, e.g., down to 1400 for IPsec.
Thus, it is possible to detect proxy usage by comparing the packet size to standard MTU/MSS values. You can check the MTU value using most checkers; we used Browserleaks
for our example.