1. Introduction to TTL
TTL, or Time To Live, is a crucial parameter found in the IP header. By examining the TTL value, we can assess the operational status of the current network IP layer.
TTL tells the routers in the network whether the data packet has been in the network for too long and should be discarded. The original idea of TTL was to determine a time range, and the packet would be discarded after this time. Since the TTL value is reduced by at least 1 every time the data packet passes through a router, the TTL value usually indicates the maximum number of routers that the packet can pass before being discarded. When the TTL value is 0, the router discards the data packet and sends an ICMP message to the original sender of the data packet.
There are many reasons why a data packet cannot be delivered to the destination within a certain period of time. For example, incorrect routing table configuration may cause an infinite loop of data packets. The solution is to discard the data packet after a period of time, and then send a message to the sender, who decides whether to resend the data packet. When this happens on the network, the data packet will be repeatedly sent to the router with incorrect configuration in the routing table. Each time it is sent, the TTL value decreases by 1 until the router discards the data packet when the TTL is 0, causing data transmission errors in the network.
The default TTL values for different operating systems and transport protocols are different. Table 1 lists the default TTL values for common operating systems when transmitting over TCP and UDP.
2. Check the TTL value of the data packet and analyze the transmission failure
The network devices in the network are all processed by the operating system (some hardware devices have the system pre-installed in the hardware chip). When the network encounters a transmission failure, we can use network detection software to detect the data packets circulating in the network in combination with the information in the above table, and check the TTL value of the data packet to determine whether the failure is caused by incorrect routing, etc. Figure 1 shows the situation of using the Colai Network Analysis System 5.0 to check the TTL value of a data packet.
The time to live (TTL) in the figure is 247. Combined with Table 1, it can be determined that this data packet has passed through 255-247=8 routers from the source (here is 61.139.2.69) to the destination (here is 192.168.10.44), and no failure occurred during the transmission process.
Notice:
1. Determine how many routers a packet has passed through in the network by subtracting the TTL value of the captured packet from the default TTL value of the device at the source of the packet.
2. When the default TTL of the source device of the data packet is unknown, generally use the default value that is larger than the TTL of the captured data packet and closest to this TTL.
3. The TTL field is 1 byte long, so the maximum value of TTL is 255;
By checking the TTL of the data packet, you can determine whether the network transmission is normal. If the TTL value of the captured data packet is too small, it means that there is a high probability of transmission failure in the network. You should promptly check the routing table configuration of the three-layer device in the network and the routing table information on each host.
3. Summary
The text provides an introduction to TTL (Time To Live), a key parameter in the IP header that helps determine network operation status. It explains how TTL informs routers whether a data packet has overstayed in the network and should be discarded, thereby preventing faulty routing, such as infinite loops. TTL is decreased by 1 each time a packet passes through a router until it reaches 0, prompting the router to discard it and send an ICMP message to the sender. This mechanism detects network issues, like incorrect routing, that can lead to transmission errors. Different operating systems have varying default TTL values for TCP and UDP, outlined in Table 1. By analyzing the TTL of a data packet, one can diagnose network failures. If the TTL value is small, it indicates possible transmission issues, suggesting a need to review routing tables. Using tools like network analysis software helps in TTL troubleshooting and assessing normal data transmission. A practical example illustrates checking TTL with Colai Network Analysis System 5.0, showing a data packet traversing eight routers without failure. The text offers troubleshooting guidelines, emphasizing the importance of understanding and using TTL values effectively.