Time to Live Concepts

Tommy2727

Can some one explain this to me please in layman's terms,

Traceroute intentionally sends a packet with a low TTL value so that it will be discarded by each successive router in the destination path. Ok I got this...


The time between sending the packet and receiving back the ICMP message that it was discarded is used to calculate each successive hop travel time.[/B]

and How does Ping use TTL also.


Thanks....

JaCkNiFe

Time To Live (TTL) is an 8 bit field in an IP packet header. Essentially it is either a predefined or manually specified value that delineates how long the packet has to live in terms of router hops. You can discover your predefined TTL value by simply pinging your default gateway. Additionally the TTL can be manually specified by using the ping -i switch in a Windows command prompt, a ping –t switch within a Linux terminal and according to Cisco’s website the TTL of a ping cannot be modified.

When an ICMP request (Ping) is sent out, the TTL is decremented by a value of 1 by every router the ICMP request passes through. You can see that Google is 10 hops from my workstation considering my default TTL is 64. You can also deduce that Google's TTL is 64. How? Simply because the TTL is reset when it reaches its destination and a fresh new TTL is sent out with the ICMP reply.

C:\>tracert google.com

Tracing route to google.com [74.125.224.84]
over a maximum of 30 hops:

  1    <1 ms    <1 ms    <1 ms  10.0.0.1
  2     1 ms     1 ms     1 ms  inside.global.IP [1.1.1.1]
  3   582 ms   108 ms   119 ms  2.2.2.2
  4   704 ms   140 ms   135 ms  isp.router.net [3.3.3.1]

  5    38 ms    58 ms    50 ms  isp.router.net [3.3.3.2]

  6    61 ms    38 ms    66 ms  isp.router.net [3.3.3.3]

  7    57 ms    89 ms    69 ms  core2-1-1-0.pao.net.google.com [198.32.176.31]
  8    47 ms    50 ms    62 ms  216.239.49.250
  9    30 ms    34 ms    38 ms  64.233.174.19
 10    18 ms    14 ms    38 ms  74.125.224.84

Trace complete.

C:\>ping google.com

Pinging google.com [74.125.224.80] with 32 bytes of data:
Reply from 74.125.224.80: bytes=32 time=13ms TTL=55
Reply from 74.125.224.80: bytes=32 time=25ms TTL=55
Reply from 74.125.224.80: bytes=32 time=13ms TTL=55
Reply from 74.125.224.80: bytes=32 time=12ms TTL=55

Ping statistics for 74.125.224.80:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 12ms, Maximum = 25ms, Average = 15ms

I can verify my default TTL by pinging my default gateway.

C:\>ping 10.0.0.1

Pinging 10.0.0.1 with 32 bytes of data:
Reply from 10.0.0.1: bytes=32 time<1ms TTL=64
Reply from 10.0.0.1: bytes=32 time<1ms TTL=64
Reply from 10.0.0.1: bytes=32 time<1ms TTL=64
Reply from 10.0.0.1: bytes=32 time<1ms TTL=64

Ping statistics for 10.0.0.1:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms

If the TTL is decremented to 0 (zero) before it reaches its destination it will be discarded and an ICMP error (type 11 - Time Exceeded) is returned to the sender of the ICMP request. As you can imagine this is a major benefit TTL brings to the table by preventing undeliverable packets from being circulated infinitely.

C:\>ping -i 9 google.com

Pinging google.com [74.125.224.81] with 32 bytes of data:
Reply from 64.233.174.19: TTL expired in transit.
Reply from 64.233.174.19: TTL expired in transit.
Reply from 64.233.174.19: TTL expired in transit.
Reply from 64.233.174.19: TTL expired in transit.

Ping statistics for 74.125.224.81:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),

C:\>ping -i 10 google.com

Pinging google.com [74.125.224.81] with 32 bytes of data:
Reply from 74.125.224.81: bytes=32 time=22ms TTL=55
Reply from 74.125.224.81: bytes=32 time=13ms TTL=55
Reply from 74.125.224.81: bytes=32 time=16ms TTL=55
Reply from 74.125.224.81: bytes=32 time=13ms TTL=55

Ping statistics for 74.125.224.81:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 13ms, Maximum = 22ms, Average = 16ms

Happy studies!

abhustler

Tommy2727 wrote: »

Can some one explain this to me please in layman's terms,

Traceroute intentionally sends a packet with a low TTL value so that it will be discarded by each successive router in the destination path. Ok I got this...


The time between sending the packet and receiving back the ICMP message that it was discarded is used to calculate each successive hop travel time.[/B]

and How does Ping use TTL also.


Thanks....

When the TTL value reaches zero the device this happened on will send an ICMP time exceeded packet back to the source. The time it took from the initial ping to start to the point where it received back the ICMP exceeded packet determines the time listed for the that hop.

The TTL in a ping starts at 255 and decrements as it passes IP devices. The only reason I can see to have it to eliminate the posibility of infinite ping in the event of a loop. You can also use it to quickly determine how many devices the ping packet traversed by subracting the TTL value you see in the ping reply from 255. Hopefully that helps.