Ask Your Question

Is the TTL I see on a packet arriving from a server to my computer is the original TTL or the TTL after the routers between stripped some numbers?

asked 2021-01-30 09:07:54 +0000

NAT gravatar image

I started a Wireshark, and entered a website. Is the TTL I am seeing is the original TTL the website "wrote" when it sent the packet? Is it the TTL after it was stripped by routers?

edit retag flag offensive close merge delete

1 Answer

Sort by » oldest newest most voted

answered 2021-01-30 09:41:54 +0000

Eddi gravatar image

Each IP node sets an initial TTL when sending a packet. Typical initial TTLs are 255, 128 and 64. A few IP implementations use other values.

When a router forwards a packet the TTL value is reduced by 1. The packet will be dropped, when TTL reaches zero.

If you receive a packet with a TTL of 240, it was likely forwarded by 15 routers. If you receive a packet with a TTL of 120, it was likely forwarded by 8 routers or 125 routers. Then again, I have never encountered a network with a diameter of more than 30 hosts.

Please note, that the TTL will not be reduced while the packet is forwarded through IPsec and similar tunnels.

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools


Asked: 2021-01-30 09:07:54 +0000

Seen: 664 times

Last updated: Jan 30