TTL in TCP/IP

TTL is a value in the IP protocol package. It tells the network whether the packet is discarded because the time in the network is too long. There are many reasons that the package cannot be delivered to the destination within a certain period of time. The solution is to discard the packet after a period of time and then send the packet to the sender, which determines whether to resend the packet. The initial value of TTL is usually the default value of the system, which is the 8-bit domain in the header. The original assumption of TTL is to determine a time range and discard the package after this time. Since each vro must at least reduce the TTL domain by one, TTL usually indicates the maximum number of vrouters that can pass the packet before it is discarded. When the Count reaches 0, the router decides to discard the packet and send an ICMP packet to the original sender.
 
Basic Introduction

TTL
TTL: (Time To Live) survival Time
Specify the number of CIDR blocks allowed to pass before a packet is discarded by the router.
TTL is set by the sending host to prevent data packets from continuously repeating over the IP network. When forwarding IP data packets, the router must at least reduce TTL by 1.
ICMP packet types involved in PING
An ICMP Echo Request)
ICMP Echo Reply)
The TTL field value helps us identify the operating system type.
The TTL value of the ICMP echo response in UNIX and UNIX operating systems is 255
Compaq Tru64 5.0 the TTL field value of the ICMP echo response is 64
The TTL field value of the WINXP-32bit echo response is 64
The TTL value of the ICMP echo response in Microsoft Windows NT/2 K/2003 operating system is 128.
The TTL field value of the ICMP echo response in Microsoft Windows 95 is 32.
Of course, the returned TTL value is the same
But in some cases
The TTL field value of LINUX Kernel 2.2.x & 2.4.x ICMP echo response is 64.
FreeBSD 4.1, 4.0, 3.4;
Sun Solaris 2.5.1, 2.6, 2.7, 2.8;
OpenBSD 2.6, 2.7,
NetBSD
Hp ux 10.20
The TTL field value of the ICMP echo response is 255
Windows 95/98/98SE
Windows ME
The TTL field value of the ICMP echo response is 32.
Windows NT4 WRKS
Windows NT4 Server
Windows 2000
Windows XP
The TTL field value of the ICMP echo response is 128
In this way, we can identify the operating system through this method.
The Registry location HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Services \ Tcpip \ Parameters contains a DefaultTTL DWORD value. The data is the default TTL value, which can be modified, but cannot be greater than 255 in decimal format.
TTL in Ping
For example:
The returned values of ping sugon blog are as follows:
C: \ Documents ents and Settings \ user> ping
Pinging [66.235.202.42] with 32 bytes of data:
Reply from 66.235.202.42: bytes = 32 time = 254 ms TTL = 51
Reply from 66.235.202.42: bytes = 32 time = 256 ms TTL = 51
Request timed out.
Reply from 66.235.202.42: bytes = 32 time = 260 ms TTL = 51
Ping statistics for 66.235.202.42:
Packets: Sent = 4, stored ED = 3, Lost = 1 (25% loss ),
Approximate round trip times in milli-seconds:
Minimum = 254 ms, Maximum = 260 ms, Average = 256 ms
From the results, we can see that the IP address of the Shuguang blog server is 66.235.202.42 and the time used is ms. What does TTL mean when it is 51?
TTL indicates the time to live, that is, the amount of time the ping packet can have on the network. When the ping operation is performed on the host on the network, the local machine sends a data packet to the destination host through a certain number of routers. However, for many reasons, some data packets cannot be transmitted to the target host normally. If these data packets are not sent for a long time, the data packets will be transmitted over the network, increasing the network overhead. After a data packet is transmitted to a vro, TTL is automatically reduced by 1. If the data packet is reduced to 0 but not transmitted to the target host, the data packet is automatically lost. As the third time when I ping Shuguang's blog above, the Request timed out occurs and the TTL is increased to reduce the consumption of network resources. By default, the TTL value of Linux is 64 or 255, the TTL value of Windows NT/2000/XP is 128, and the TTL value of Windows 98 is 32, the TTL value of a UNIX host is 255. (This is found on the network). The target host of Shuguang blog uses the FreeBSD system (which may have been replaced), where the TTL value may be 64 instead of 255 of the UNIX host, therefore, from here to the destination host, there are 64-51 = 13 routes. When we do not know the operating system of the target host, we can guess based on TTL, but it is not necessarily 100% accurate. If the target host is windows, but after 75 routers, the TTL returned value is 128-75 = 53. Therefore, you may think that the target host is a Linux system, but generally does not pass through so many routers, therefore, TTL is used to determine the operating system of the target host.