expertblr

asked on

Ping : Default TTL

Hello Experts,

My question to you is about ping's default TTL. When I ping inside my LAN the default TTL is set to 64, and when I ping Yahoo, in the reply packet I see a TTL of 51.

Does it mean that Yahoo is 255-51 = 204 hops away from my machine?
Please explain this to me.

Below is the ping output:

[root@mars Desktop]# ping 192.168.1.76
PING 192.168.1.76 (192.168.1.76) 56(84) bytes of data.
64 bytes from 192.168.1.76: icmp_seq=0 ttl=64 time=0.300 ms
64 bytes from 192.168.1.76: icmp_seq=1 ttl=64 time=0.169 ms

[root@mars Desktop]# ping www.yahoo.com
PING www.yahoo.akadns.net (68.142.197.73) 56(84) bytes of data.
64 bytes from p10.www.mud.yahoo.com (68.142.197.73): icmp_seq=0 ttl=52 time=324 ms
64 bytes from p10.www.mud.yahoo.com (68.142.197.73): icmp_seq=1 ttl=52 time=325 ms


Thanks.

grsteed

Actually it means that Yahoo is 13 hops away (64-13=51). The TTL value is decremented at each hop. This could be confirmed by doing a traceroute from your machine. It will list each hop (if they respond correctly to the ICMP message).
expertblr

ASKER

Just look at the ping to google.com. In this the TTL is 238 (255-17). My question is: does the TTL value set depend on the remote machine (for Linux the default is 64 and for Windows the default is 255... something like this)?

[root@mars Desktop]# ping www.google.com
PING www.l.google.com (72.14.207.99) 56(84) bytes of data.
64 bytes from 72.14.207.99: icmp_seq=1 ttl=238 time=286 ms
64 bytes from 72.14.207.99: icmp_seq=2 ttl=238 time=272 ms
64 bytes from 72.14.207.99: icmp_seq=3 ttl=238 time=274 ms
64 bytes from 72.14.207.99: icmp_seq=4 ttl=238 time=281 ms

--- www.l.google.com ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3025ms
rtt min/avg/max/mdev = 272.860/278.998/286.560/5.563 ms
grsteed

Meant to include that on my home network I get these results


OS                TTL
Redhat Linux      64
Windows XP        128
Windows ME        128
Linksys Router    150

Cheers,

Gary

Thanks for the Succor Gary...:)


One more question, Gary:

Does that mean that I can easily guess the remote end operating system?

No Problem,  Glad I could help!

Cheers,

Gary

Gary,

   Does that mean that I can easily guess the remote end operating system?



       
I suppose you could make a guess at the OS based on TTL. It seems that most UNIX/Linux systems use 64, and most Windows systems use 128. Beyond that it could be anything as your Google ping shows.  

The Passive Fingerprinting article above would give more accurate info based on other things.

You're not thinking of anything illegal are you?  ;-)

Cheers,

Gary
Nothing illegal... don't worry.. :). Just wanted to make sure that I thought in the right direction.

Ya, I know we can find the OS using some fingerprinting tools.....but I never knew we can guess the OS from TTL.


Thanks for your help!!

Cool,  glad to help!!!

Cheers,

Gary
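
The rule of thumb discussed in this thread, worked through on the ping replies quoted above. This is an added example, not code posted by anyone in the thread; the function names and the choice of 64/128/255 as the only candidate initial TTLs are assumptions made for the illustration.

```python
import re

# Initial TTLs to try, smallest first: 64 and 128 are in the thread's table,
# 255 is the value the asker assumes for the Google reply.
COMMON_INITIAL_TTLS = (64, 128, 255)

# Labels follow the thread's rule of thumb; they are hints, not identification.
FAMILY_HINT = {64: "UNIX/Linux-like", 128: "Windows-like", 255: "other (255 default)"}

# Matches reply lines such as "64 bytes from HOST: icmp_seq=0 ttl=52 time=..."
REPLY_RE = re.compile(r"from\s+(?P<src>.+?):\s+icmp_seq=\d+\s+ttl=(?P<ttl>\d+)")

# Reply lines copied from the ping output quoted in the thread.
SAMPLE = """\
64 bytes from 192.168.1.76: icmp_seq=0 ttl=64 time=0.300 ms
64 bytes from p10.www.mud.yahoo.com (68.142.197.73): icmp_seq=0 ttl=52 time=324 ms
64 bytes from 72.14.207.99: icmp_seq=1 ttl=238 time=286 ms
"""

def estimate(observed_ttl):
    """Return (assumed initial TTL, hops on the return path)."""
    if not 1 <= observed_ttl <= 255:
        raise ValueError(f"TTL out of range: {observed_ttl}")
    # The sender's initial TTL is assumed to be the smallest common value
    # that is not below what arrived; each router on the way back took 1 off.
    initial = next(t for t in COMMON_INITIAL_TTLS if t >= observed_ttl)
    return initial, initial - observed_ttl

def analyse_ping(text):
    """Map each replying host to its observed TTL, guessed initial TTL, hops and hint."""
    results = {}
    for m in REPLY_RE.finditer(text):
        ttl = int(m.group("ttl"))
        initial, hops = estimate(ttl)
        results[m.group("src")] = {
            "observed": ttl, "initial": initial,
            "hops": hops, "hint": FAMILY_HINT[initial],
        }
    return results

if __name__ == "__main__":
    for src, r in analyse_ping(SAMPLE).items():
        print(f"{src}: ttl={r['observed']} initial~{r['initial']} "
              f"hops~{r['hops']} hint={r['hint']}")
```

A device with an unusual initial TTL, such as the Linksys router at 150 in the table above, gets rounded up to 255 and a wrong hop count, which is why the TTL alone is only a hint.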