Is the TTL I see on a packet arriving from a server to my computer is the original TTL or the TTL after the routers between stripped some numbers?

ttl

retag add tags

I started a Wireshark, and entered a website. Is the TTL I am seeing is the original TTL the website "wrote" when it sent the packet? Is it the TTL after it was stripped by routers?

Each IP node sets an initial TTL when sending a packet. Typical initial TTLs are 255, 128 and 64. A few IP implementations use other values.

When a router forwards a packet the TTL value is reduced by 1. The packet will be dropped, when TTL reaches zero.

If you receive a packet with a TTL of 240, it was likely forwarded by 15 routers. If you receive a packet with a TTL of 120, it was likely forwarded by 8 routers or 125 routers. Then again, I have never encountered a network with a diameter of more than 30 hosts.

Please note, that the TTL will not be reduced while the packet is forwarded through IPsec and similar tunnels.

2.4k

Eddi

answered 2021-01-30 09:41:54 +0000

edit flag offensive 0 remove flag delete link

Comments

add a comment see more comments

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account. This space is reserved only for answers. If you would like to engage in a discussion, please instead post a comment under the question or an answer that you would like to discuss.

Is the TTL I see on a packet arriving from a server to my computer is the original TTL or the TTL after the routers between stripped some numbers? edit

Comments

1 Answer

Comments