I also would like to clarify some points:
1) "Note that the SRX MTU includes Ethernet switching header whereas other devices may only calculate it without Ethernet header and hence have a lower number."
This statement is not entirely true, and I would like to avoid any confusion. Juniper handles two types of MTU values:
Protocol MTU (layer 3): this is the maximum size of an IP packet that can be sent/received on a logical interface/unit. Default value: 1500 bytes
Interface MTU (layer 2): this is the maximum size of an Ethernet frame that can be sent/received on a physical interface. Default value: 1514 bytes (IP packet + 14 bytes of Ethernet header):
user@host> show interfaces fe-0/2/1 extensive
Physical interface: fe-0/2/0, Enabled, Physical link is Up
  Interface index: 129, SNMP ifIndex: 23, Generation: 130
  Link-level type: Ethernet, MTU: 1514, Speed: 100mbps, Loopback: Disabled,
  Source filtering: Disabled, Flow control: Enabled
  .
  .
  .
  Logical interface fe-0/2/0.0 (Index 66) (SNMP ifIndex 46) (Generation 133)
    Flags: SNMP-Traps Encapsulation: ENET2
    Protocol inet, MTU: 1500, Generation: 142, Route table: 0
      Flags: DCU, SCU-out
Fragmentation happens at Layer 3; the IP header is the header with the fields used for fragmentation. Because of this we care about the MTU at layer 3: 1500B by default. We need to make sure that the packets won't exceed 1500B in size, or else the sending interface will be fragmenting them.
Regarding your questions:
+Why do we need to capture the packet on the EX that is directly connected to the SRX? Why not on the SRX?
R/ This is not needed; as stated, the pcap is needed on the remote SRX to determine if we are receiving fragmented ESP packets.
+How can the packet be easily captured on the EX or SRX?
R/ Not needed.
+The 3rd-party ISP has MPLS; how can we learn about the ISP's MSS value?
R/ MSS is a TCP concept (the amount of data that can be carried in a TCP segment). Before the data reaches the MPLS cloud it has to be encapsulated in TCP, then IP, then ESP, then IP again. MSS is a concept relevant on the sending host side, where we need to lower it if we want to end up with smaller packets when they reach the MPLS cloud, where they will be encapsulated in MPLS, hence ending up bigger in size.
+After the ISP, how can we verify the packet size and MSS size when the packet arrives at the other end, the SRX3400 in the datacentre (end-to-end MSS value verification for IPsec traffic)?
R/ You can take a pcap on the external interface of the SRXbranch1 and there we will be able to see the size of the packet. Then we could sum up the 4 bytes of the MPLS header being added by your ISP. I'm not sure what you meant by SRX3400; I thought that the remote SRX was an SRX650 as per the topology.
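
Added example, not part of the original post: a small calculator for the encapsulation chain described above (TCP, IP, ESP, outer IP, then MPLS), showing how lowering the MSS keeps the ESP packet within the 1500-byte layer 3 MTU. The function names and the ESP parameters are assumptions: tunnel mode with AES-CBC and HMAC-SHA1-96, IPv4 and TCP headers without options, no NAT-T, and one 4-byte MPLS label.

```python
import math

IP_HDR = 20        # IPv4 header without options (assumption)
TCP_HDR = 20       # TCP header without options (assumption)
ESP_HDR = 8        # SPI (4) + sequence number (4)
MPLS_LABEL = 4     # one label, the 4 bytes mentioned in the post


def esp_tunnel_len(inner_len, block=16, iv=16, icv=12):
    """Size of the outer IP packet carrying inner_len bytes in ESP tunnel mode.

    Defaults are assumptions: AES-CBC (16-byte block and IV), HMAC-SHA1-96 ICV.
    """
    # ESP trailer is pad length (1) + next header (1); the encrypted part
    # is padded up to a multiple of the cipher block size.
    padded = math.ceil((inner_len + 2) / block) * block
    return IP_HDR + ESP_HDR + iv + padded + icv


def max_mss(l3_mtu=1500, **esp):
    """Largest TCP MSS whose ESP-encapsulated packet still fits in l3_mtu."""
    for mss in range(l3_mtu - IP_HDR - TCP_HDR, 0, -1):
        if esp_tunnel_len(mss + IP_HDR + TCP_HDR, **esp) <= l3_mtu:
            return mss
    return 0


def size_in_mpls_cloud(outer_ip_len, labels=1):
    """Packet size once the ISP has pushed its MPLS label(s)."""
    return outer_ip_len + labels * MPLS_LABEL


if __name__ == "__main__":
    # Compare the default Ethernet MSS with the largest MSS that avoids
    # fragmentation of the ESP packet at a 1500-byte protocol MTU.
    for mss in (1460, max_mss()):
        outer = esp_tunnel_len(mss + IP_HDR + TCP_HDR)
        print(f"MSS {mss}: ESP packet {outer} B, "
              f"fragmented at 1500: {outer > 1500}, "
              f"in MPLS cloud: {size_in_mpls_cloud(outer)} B")
```

With a different cipher or integrity algorithm, pass the matching `block`, `iv` and `icv` sizes to get the corresponding figures.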