TTL and Operating System

Posted on 2005-03-04
Medium Priority
Last Modified: 2013-12-06
Why do different operating system use different TTL in their ICMP packets? I couldnt find any good article about it?
anyone knows the reason or knows of a good article?
Question by:entrance80
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
LVL 12

Accepted Solution

GinEric earned 150 total points
ID: 13464960
Time To Live [TTL] is determined by the network routers for an ICMP packet.  At each router [hop] the TTL is decremented by 1.  It's really a best guess at how long it will take to reach the destination and get an ACK in return.  Its initial value is determined by some algorithim that also tries to guess at the time.  For Operating Systems, its really a matter of personal preferences by the OS authors, for the network, its mostly what the Cisco routers consider, from experience, what good values are.  The whole idea was not to have the TTL value set in stone.

If a value is consistently too short, the algorithim will try to increase it little by little, and if that doesn't work, it may just give up with destination unreachable while it reconsiders its guess.  If its too long, unreassembled packets and endless loop packets will just keep circling the Internet looking for a place to land clogging the routers on the way.

So the algorithim method of determining TTL allows for all Operating Systems and all routers to adjust to network conditions.

A good Operating System plays well with the others on the network.  A bad Operating System just issues TTL's as it sees fit.  The mostly Cisco routers on the Internet use their algorithims to detect good and bad behaving Operating Systems as the source and destination hosts between network connections and can, if necessary, shut off this "circling" traffic at the source, the place where the bad TTL's are coming from.

It's really a technical and very theoretical issue which you can find at:


all over the site by doing a search.

Operating Systems, per se, have little to do with TTL, which is handled by TCP/IP mostly.  Proprietary TCP/IP versions, such as Microsoft's TCP/IP, can, and often do, behave badly.

But it's not really the Operating System's job to handle TTL, it's the job of TCP/IP and the interim routing devices.

Looking up TCP/IP and/or Routing [as in Cisco Routers] will get you much better information on Time To Live [TTL].
LVL 11

Expert Comment

ID: 13466459
TTL stands for Time to live. It's a counter-measure for avoiding infinite loops (for example). Every time a packet "hits" a router, the TTL value is decremented. When it reaches 0 (zero) the packet is discarded.

Imagine you have a setup like this:

             R1 --------- R2
                \            /
                  \        /  
                    \    /

Can you get the idea on how nice TTL works?!

LVL 12

Expert Comment

ID: 13467666
I like the drawing, they say a picture is worth a thousand words; I feel I've been outdone by a pictograph at a fast food chain!

LVL 11

Expert Comment

ID: 13467816
LVL 12

Expert Comment

ID: 13639179
Thank you entrance80

Featured Post

New benefit for Premium Members - Upgrade now!

Ready to get started with anonymous questions today? It's easy! Learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
This program is used to assist in finding and resolving common problems with wireless connections.
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…
Suggested Courses
Course of the Month10 days, 8 hours left to enroll

765 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question