-
August 20th, 2004, 04:33 PM
#11
Junior Member
This may be a stupid question but what does it mean if the TTL is 125?
-
August 20th, 2004, 05:04 PM
#12
It means the packet could have gone 125 hops more to get to its destination.
Probably that it was set to 128 and the host replying was 3 hops away.
Chris Shepherd
The Nelson-Shepherd cutoff: The point at which you realise someone is an idiot while trying to help them.
\"Well as far as the spelling, I speak fluently both your native languages. Do you even can try spell mine ?\" -- Failed Insult
Is your whole family retarded, or did they just catch it from you?
-
August 20th, 2004, 06:29 PM
#13
TTL stands for Time To Live ... every Packet that goes out has a life time or TTL value.If the
packet doen't reach the destination in a time less than its TTL value, It becomes invalid (Right ??). When a packet travels from one node to another its called a hop (right ?).
-
August 20th, 2004, 08:03 PM
#14
That is right. Ex.) A TTL of 255 means that the packet should time out in something like 4.25 minutes but this is not true. The TTL is decremented everytime it makes a hop, so the 4 minute thing is not neccesarily true in all cases because sometimes it takes less than a second for the packet to be processed and sometimes it may take more time.
-
August 21st, 2004, 05:17 PM
#15
Junior Member
Most of the time it is under a second. Traceroute, for example, almost always takes less than a second. You have to be careful when pinging systems. There are ways to detect people pinging your system.
It's not a bad idea to go and pick up Ankit Fadia's Network Security: A Hacker's Perspective. It's a good book and it oulines the ICMP protocol in full very nicely. Detailed, too. But yeah.
I need help with un-XORing binary numbers (is it possible?), if anyone's interested.
-
August 21st, 2004, 05:58 PM
#16
You know, it's funny this thread comes up. I've been doing a lot of pinging at work all summer, making sure machines are up and such, and I noticed the difference in TTL fields between Windows and various *nix boxes. Never thought much of it until now.
But here's another thought, kind of along the same lines. Anyone else notice how ping packets sent from different OSes are different sizes?
alpha
-
August 21st, 2004, 06:55 PM
#17
Whatever you do, please don't pick up Ankit Fadia's book. If it's anything like the first one, it's just plagarised material taken from freely available internet sources. If you want to learn about the ICMP protocol, here's a list of links that might be useful.
RFC 792 - The definitive guide to ICMP
http://www.networksorcery.com/enp/protocol/icmp.htm
http://cities.lk.net/trproto.html
Cheers,
cgkanchi
-
August 21st, 2004, 07:04 PM
#18
Junior Member
You're probably right cgkanchi, but it's a good source nontheless. It has all those things in one place, which is a good reference.
-
August 21st, 2004, 09:02 PM
#19
A slowly incrementing TTL value is how traceroute works. It increments the TTL from 1 to the max (default 30 on most systems) until the target host and the destination host are the same. It captures the time it took for its initial packet to return the icmp-ttl-expired which is how it generates the list of intervening hosts and ping times it displays.
Chris Shepherd
The Nelson-Shepherd cutoff: The point at which you realise someone is an idiot while trying to help them.
\"Well as far as the spelling, I speak fluently both your native languages. Do you even can try spell mine ?\" -- Failed Insult
Is your whole family retarded, or did they just catch it from you?
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|