Network Fault Diagnosis-use TTL to analyze network faults

Bkjia.com Comprehensive Report]1. TTL Introduction

TTL, which is short for "Time To Live". The Chinese name is "Time To Live". It is a very important parameter in the IP header. By using the TTL value, we can determine the operating status of the current network IP layer.

TTL indicates whether the router data packet in the network is discarded because it takes too long. The TTL is initially designed to determine a time range, and the packet is discarded after this time. Each time a packet passes through a vro, the TTL value is reduced by at least 1 by the vro. Therefore, the TTL value usually indicates the maximum number of vrouters that the packet can pass before it is discarded. When the TTL value is 0, the router discards the packet and sends an ICMP packet to the original sender of the packet.

There are many reasons why data packets cannot be transmitted to the destination within a certain period of time. For example, incorrect route table configuration may lead to an infinite loop of data packets. The solution is to discard the data packet after a period of time and then send a message to the sender, the sender determines whether to resend the data packet. When this happens in the network, the packet is repeatedly sent at the router where the router is configured incorrectly in the routing table. Each time the packet is sent, the TTL value is reduced by 1 until the data packet is discarded when the TTL is 0, this may cause data transmission errors in the network.

The default TTL value varies depending on the operating system and transmission protocol. Table 1 lists the default TTL values of common operating systems when transmitted over TCP and UDP protocols.

Table 1 default TTL values for different operating systems

Ii. view the data packet TTL value and analyze transmission faults

Network devices in the network are all processed by the operating system. Some hardware devices pre-install the system on the hardware chip.) When the network encounters a transmission fault, we can use the network detection software to check the data packets circulating in the network based on the information in the table above, and check the TTL value of the data packets to determine whether the fault is caused by wrong routing or other causes. Is to use the kolai Network Analysis System 5.0 to view the TTL value of a data packet.

TTL value viewed in kelai Network Analysis System 5.0

TTL in the figure) is 247. Combined with table 1, it is determined that the data packet is 61.139.2.69 from the source end) to 192.168.10.44 from the destination end) 255-247 = 8 vrouters in total, and no fault occurred during transmission.

Note:

1. determine the number of routers that the data packet experiences in the network. The default TTL value of the Source Device of the available data packet minus the TTL value of the captured data packet;

2. When you do not know the default TTL of the data packet source device, the TTL value greater than the captured data packet is generally used, and the default value is the closest to the TTL value.

3. the TTL field is 1 byte long, so the maximum TTL value is 255;

Check the data packet TTL to check whether the network transmission is normal. If the TTL value of the captured data packet is too small, it indicates that there may be transmission faults in the network. Check the route table configuration of the three-tier devices in the network and the route table information of each host in a timely manner.