Solved

a question about TTL

Posted on 2011-09-11
35
676 Views
Last Modified: 2012-06-21
Hello,

TTL default value is 255 right? and everytime a router reaches the next hope, it gets minus 1 which means 255 254 253 etc ...... i was wondering what about if the destination router is 1000 hop away from the source router ??? knowing that TTL default is 255 how can this affect the data transmitting ? for example when you ping google.com i can see TTL = 52, is that mean i'm 52 hop away from google servers? so if there is a server in a 300 hop, what would happen?
0
Comment
Question by:World05
  • 9
  • 9
  • 5
  • +6
35 Comments
 
LVL 21

Accepted Solution

by:
Papertrip earned 125 total points
Comment Utility
The max TTL value is 255 since it is an 8-bit field.  That doesn't mean that the machine you are pinging from is using that value however... it could be 32, 64, 128, 255, etc.

i can see TTL = 52, is that mean i'm 52 hop away from google servers?
No, it means that if TTL is set to 64 for example, that you are 12 routers away.
0
 

Author Comment

by:World05
Comment Utility
Papertrip:

That doesn't mean that the machine you are pinging from is using that value

what you mean with "using that value"?

You still didn't answer my question.

And i didn't understand what you just said about :"No, it means that if TTL is set to 64 for example, that you are 12 routers away."  
0
 
LVL 21

Expert Comment

by:Papertrip
Comment Utility
As in the machine you are using does not have to use a TTL of 255, this can be changed like I said.  I doubt you are 203 routers away from google, which is what the result would be if the machine you were using had a TTL value of 255.  Odds are it is set to 64 and you are only 12 routers away.

What OS are you using?

I just checked from a FreeBSD box and from my Windows 7 box, and the TTL is set to 64 for both.  This value is configurable in most, if not all, OS's.

In regards to the what if there are 300 routers between you and the destination, once it reaches the 255th router, the packet will drop from the wire and your ping will timeout.  The odds of there being >255 routers between you and a destination are pretty slim, unless there is a routing loop, which is exactly why TTL was implemented in the first place.

0
 

Author Comment

by:World05
Comment Utility
I'm running Win XP.


Pinging www.l.google.com [74.125.39.147] with 32 bytes of data:

Reply from 74.125.39.147: bytes=32 time=333ms TTL=52
Reply from 74.125.39.147: bytes=32 time=340ms TTL=52
Reply from 74.125.39.147: bytes=32 time=259ms TTL=52
Reply from 74.125.39.147: bytes=32 time=268ms TTL=52

Ping statistics for 74.125.39.147:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 259ms, Maximum = 340ms, Average = 300ms



TTL is 52. I don't know where you got this 12 router hop you are talking about !!! and TTL is something deals with routers not machines, and i can't configure it in my computer.... i'm still confused about your answers
0
 

Author Comment

by:World05
Comment Utility
Listen I have a CCNA, and i read a chapter about TTL, in everytime you reach a router it decrement by 1, if my destination is 3 hop away, the TTL would be 253

Router 1 : 255
Router 2 : 254
Router 3 : 254
0
 
LVL 21

Expert Comment

by:Papertrip
Comment Utility
TTL is 52. I don't know where you got this 12 router hop you are talking about !!!

64-52 :)  You were right about the TTL getting decremented, so you just take the local servers TTL value and count from there.

and TTL is something deals with routers not machines
Well technically it does have to do with the machine that is sending the packets, because that is where the TTL field is added into the packet.

An easy way to test is check the TTL from a ping to your gateway.

Here is a link to change the default value in XP.
0
 
LVL 21

Expert Comment

by:Papertrip
Comment Utility
Listen I have a CCNA, and i read a chapter about TTL, in everytime you reach a router it decrement by 1, if my destination is 3 hop away, the TTL would be 253

Yes, it would be if the TTL field in the headers starts at 255.
0
 

Author Comment

by:World05
Comment Utility
i'll wait for other experts to confirm this, since you just joined EE :) thank you anyway
0
 
LVL 21

Expert Comment

by:Papertrip
Comment Utility
I don't know how much clear I can make this.  There is a default value set by the host, start from there and use subtraction.  Ping your gateway and check the value there, or check the registry entry.

From Microsoft docs for ping in XP:

-i TTL : Specifies the value of the TTL field in the IP header for Echo Request messages sent. The default is the default TTL value for the host. For Windows XP hosts, this is typically 128. The maximum TTL is 255.
0
 

Author Comment

by:World05
Comment Utility
Why the TTL is not 255 as default? this is what makes me confused
0
 
LVL 21

Expert Comment

by:Papertrip
Comment Utility
Not sure how many more ways I can give the exact same answer...

max TTL = 255
default ttl = host specific

If you want the default TTL to be 255 from your XP machine, follow the instructions in the link I provided.
0
 
LVL 26

Expert Comment

by:Soulja
Comment Utility
Papertrip is correct. The TTL that you are seeing is the TTL after the number of hops it took for you to get to google is subtracted from what Google has set for their TTL. In Google's case they have it set to 64.

Additionally, TTL does refer to hops, but what you have to understand it that the hops doesn't necessarily mean that is how many routers it went though. It just means the number of hops, some hops are actual  BGP autonomous systems that don't propogate the TTL.

What this means is that if you send a packet at enter a certain ISP's Autonomous system, their could be several router in that autonomous system that the packet travels through, but the TTL does not decrement by 1 until it exits the automous system. It could have had 50 hops through the AS, but only decrement by 1.

0
 
LVL 26

Assisted Solution

by:Soulja
Soulja earned 125 total points
Comment Utility
0
 
LVL 2

Expert Comment

by:bgilsing
Comment Utility
Paper trip is 100% right. Not sure why there is doubt as the explanation is perfectly clear to me when reading the solution. There are not that many routers between you and most destinations on the Internet typically 32 hops or less will get you anywhere. Unless there is a routing loop as discussed before.
0
 

Author Comment

by:World05
Comment Utility
Yahoo's TTL, Google's TTL, Facebook's TTLs : is these TTLs configured randomly? why Google choose 64, and yahoo choose 70 etc ... What is the trick? and thank you Soulja, i thought that when the data is traveling through BGP routers AS, the TTL would change,
0
 
LVL 26

Expert Comment

by:Soulja
Comment Utility
" i thought that when the data is traveling through BGP routers AS, the TTL would change,"

You are right, it can change at each router's hop in the BGP AS, but many ISP's disable TTL propagation in there AS's so that customers only see the hops entering and exiting their AS. It's up the ISP whether they do this or not.
0
 

Author Comment

by:World05
Comment Utility
Soulja: in this case, i think ISP must disable ttl propagation, imagine i'm sending you data that travels through 500 routers to reach you, i'm sure that it will be timed out before it reaches you, don't you think this?
0
What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

 
LVL 26

Expert Comment

by:Soulja
Comment Utility
If you are sending data that has to travel through 500 routers then it's just bad design. ISP's usually disable this so that customers cannot see into their network with tracerts.
0
 

Author Comment

by:World05
Comment Utility
Soulja: thanks for your answer, i think it's clear now, did you try it before? i mean did you work with an ISP and disabled ttl propagation? how to do this on GNS3 ? as a lab, any idea? i'm preparing for CCNP
0
 
LVL 50

Assisted Solution

by:Don Johnston
Don Johnston earned 125 total points
Comment Utility
Decrementing the TTL should not be disabled. If it is and a routing loop occurs, the packet will loop forever.  The starting TTL value is determined by the application. Most of the times 32 or 64 are used as initial values.

I don't think I've ever run into a destination that was more than 32 hops away.

It's possible that far into the future, the 255 hop limit could become a problem. But we are far from that point since even IPv6 has an 8-bit TTL field.
0
 
LVL 26

Expert Comment

by:Soulja
Comment Utility
We currently disable TTL propagation for our corporate customers in our MPLS VPN's.

Here's a good explanation:

http://packetlife.net/blog/2008/dec/22/disabling-mpls-ttl-propagation.
0
 
LVL 10

Expert Comment

by:Mohammed Rahman
Comment Utility
I tried to explain the TTL and its operation in the file attached. However, there are 3 points that I myself was not clear about. You can go through the document and let others do the same. Hope the explanation clears all the doubts that World05 and I have....

TTL-explained.doc
0
 
LVL 17

Assisted Solution

by:rochey2009
rochey2009 earned 125 total points
Comment Utility
Hi,

Different operating systems will using a different initial TTL setting. Some use 64, 128 etc. If the remote system starts with an initial TTL of 64 and there are 4 routers between you and the remote system, each router will decrement the TTL as the packet passes through each router. When the packet gets to you, it will have a TTL of 60.

Here is a list of the initial TTL's for each operating system:

http://www.binbert.com/blog/2009/12/default-time-to-live-ttl-values/

0
 
LVL 21

Expert Comment

by:Papertrip
Comment Utility
At this point we now have like 8 people all confirming my original answer (all 5 versions of it).

Is that enough confirmation for you World05 ?
0
 
LVL 10

Expert Comment

by:Mohammed Rahman
Comment Utility
EE Users.

Can some one please have a look at my post mody2579: and explain. Thanks.
0
 
LVL 21

Expert Comment

by:Papertrip
Comment Utility
@World05

Has your question been answered?
0
 
LVL 50

Expert Comment

by:Don Johnston
Comment Utility
You in a hurry or something?  ;-)
0
 
LVL 21

Expert Comment

by:Papertrip
Comment Utility
Haha no no :p

I'm just making sure World05's question has been adequately answered.  Just a concerned expert ;)  Is it a faux pas to follow up to questions you have answered?
0
 
LVL 50

Expert Comment

by:Don Johnston
Comment Utility
>  Is it a faux pas to follow up to questions you have answered?

No. It just doesn't do much good. >:-(

 And every commenter gets an email about a new comment.
0
 
LVL 10

Expert Comment

by:Mohammed Rahman
Comment Utility
Hi World05.. did u get any sort of clarity by looking at the sheet attached... mody2579
0
 
LVL 7

Expert Comment

by:CSorg
Comment Utility
Mmmm Papertrip, since you dont have any eyes, I cant really trust your answer!

Haha, fun reading this thread.
0
 

Author Comment

by:World05
Comment Utility
@mody2579: i can't download the file you attached, can anybody confirm me if you can download it?
0
 
LVL 7

Expert Comment

by:CSorg
Comment Utility
0
 
LVL 10

Expert Comment

by:Mohammed Rahman
Comment Utility
TTL Explained attached....  
TTL-explained.doc
0
 
LVL 5

Expert Comment

by:Feroz Ahmed
Comment Utility
Hi,

TTL is also defined in Router configuration and can be made modified as well the range is from 0 to 255.i.e 256.
0

Featured Post

Highfive Gives IT Their Time Back

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

Suggested Solutions

Problem Description:   Couple of months ago we upgraded the ADSL line at our branch office from Home to Business line. The purpose of transforming the service to have static public IP’s. We were in need for public IP’s to publish our web resour…
In the world of WAN, QoS is a pretty important topic for most, if not all, networks. Some WAN technologies have QoS mechanisms built in, but others, such as some L2 WAN's, don't have QoS control in the provider cloud.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now