I am wondering what's going on. On my Windows 8 computer I see many packets sent to the same host (identical ports) with ever decreasing TTL until ICMP TTL exceeded come back. For example below, packet 591 has TTL=84, packet 593 has TTL=83,... and so on Packet 592 has TTL=127, packet 594 TTL=126, ... and so on. All sent from my local ip address. Simillar I see with UDP conversation of OpenVPN connection - many rapidly sent packets with always decreased TTL by one, followed by ICMP ttl-exceeded replies. I couldn't google anything like this to help me understand.
591 2019-04-29 12:27:47,669222 192.168.9.16 208.123.73.199 TCP 54 43955 → 443 [ACK] Seq=168 Ack=255 Win=903 Len=0 TTL=84 592 2019-04-29 12:27:47,669316 192.168.9.16 208.123.73.199 TCP 178 [TCP Retransmission] 43955 → 443 [PSH, ACK] Seq=168 Ack=454 Win=902 Len=124 TTL=127 593 2019-04-29 12:27:47,669396 192.168.9.16 208.123.73.199 TCP 54 43955 → 443 [ACK] Seq=168 Ack=255 Win=903 Len=0 TTL=83 594 2019-04-29 12:27:47,669472 192.168.9.16 208.123.73.199 TCP 178 [TCP Retransmission] 43955 → 443 [PSH, ACK] Seq=168 Ack=454 Win=902 Len=124 TTL=126
I can't attach pcap file, so here is other part of unfiltered interface capture: Packet 1 has TTL=128, 2 TTL=127, ..., packet 5 TTL=124, ... and so on, this five packets sent in mere 354 us(!) 1 2019-04-29 12:27:45,917262 192.168.9.16 194.213.207.90 UDP 216 58165 → 34536 Len=174 2 2019-04-29 12:27:45,917386 192.168.9.16 194.213.207.90 UDP 216 58165 → 34536 Len=174 3 2019-04-29 12:27:45,917459 192.168.9.16 194.213.207.90 UDP 216 58165 → 34536 Len=174 4 2019-04-29 12:27:45,917546 192.168.9.16 194.213.207.90 UDP 216 58165 → 34536 Len=174 5 2019-04-29 12:27:45,917616 192.168.9.16 194.213.207.90 UDP 216 58165 → 34536 Len=174
