2

In this answer to a question related to interpreting the values of TTL from a ping operation it is said that the TTL values vary depending on the operating system. I understood more or less the purpose of TTL, which is basically used to prevent loops in the network. At each hop, that value is decremented, and when it reaches 0, the packet, if not arrived at destination, is dropped. I am not sure if this value is really associated with the operating system or with the actual router or modem, or something else. Please, explain me this.

My question is: how can I find those initial values? It would be nice if someone gives an exhaustive answer (i.e. both for Windows and Unix-based OSs, and maybe using the terminal or some other interface) .

A workaround could be to ping, and see the ttl value, and then to traceroute, and count the number of hops, but it could not be precise enough...

Community
  • 1

1 Answers1

3

Packets sent to localhost don't go over any hops so the ttl shown will be the starting value.

Windows 10

C:\>ping -4 localhost 

Pinging Win10Main [127.0.0.1] with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
....

OpenWrt 15.05

root@OpenWrt:~# ping localhost
PING localhost (127.0.0.1): 56 data bytes
64 bytes from 127.0.0.1: seq=0 ttl=64 time=0.283 ms
...
Brian
  • 3,386
  • 17
  • 16
  • The TTL used by ping may or may not be the TTL used by other applications. I have seen in Wireshark where the TTL for other applications varies from what ping uses. Just as you can adjust the TTL for ping (which has it own default) other applications may have different default TTL values, which may or may not be changed. – Ron Maupin Jan 14 '16 at 18:46
  • `ping` does not have it's own default - when the ttl is not specified it uses the system setting which is initially the default value for the OS. – Brian Jan 14 '16 at 18:58
  • Actually, by RFC, the IP layer MUST have a mechanism to set the TTL from the transport layer (the application interface to the network stack), and if MUST be configurable, even if a network stack has a fixed value. At least some versions of ping (I have seen the code for a few different versions) have their own default values and can configure different TTL values. Each application running on a host may have a different TTL value, and the host MUST allow that. – Ron Maupin Jan 14 '16 at 19:13
  • But for example if ping to the server of my UNI the ttl value is 115, but if I ping to my localhost I get 64. Does this probably mean that the default value could be 64, but eventually is increased? But based on what should it be increased? Maybe I should ask another question or search around first... –  Jan 14 '16 at 19:23
  • @RonMaupin For this answer it doesn't matter what TTL `ping` uses. The TTL displayed by the `ping` command is the TTL of the response generated by the kernel. – kasperd Sep 25 '17 at 08:53