Announcement

Collapse
No announcement yet.

Why TTL in windows is 128

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Why TTL in windows is 128

    Subject says everything. I am surprised why different operating systems are maintaining different TTL values and again they are giving options to change as we want. Any one has idea?

  • #2
    Re: Why TTL in windows is 128

    Originally posted by charlsteve View Post
    Subject says everything. I am surprised why different operating systems are maintaining different TTL values and again they are giving options to change as we want. Any one has idea?

    those are set default values. You can change that if you want. "Google it" but I think the main reason behind is so you don't flood the network traffice if you are doing a continues ping etc

    Comment


    • #3
      Re: Why TTL in windows is 128

      Thanks Zrider for comment. I know the default values and has procedure to change to custom values. But the question not leaving my mind is, why windows has one value and why other OS has their own value.. is it some thing to think about Buffer sizes in network layer or some thing that sort?

      Comment


      • #4
        Re: Why TTL in windows is 128

        OK, which TTL -- DNS life in seconds or Ping in hops?

        For Pings, it may well be due to increasing complexity of the internet and that a packet has to go through more routers (hops) to reach its destination.
        Remember TTL is reduced by one per hop until either the destination in reached or TTL reaches zero
        Tom Jones
        MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
        PhD, MSc, FIAP, MIITT
        IT Trainer / Consultant
        Ossian Ltd
        Scotland

        ** Remember to give credit where credit is due and leave reputation points where appropriate **

        Comment


        • #5
          Re: Why TTL in windows is 128

          I am talking about TTL in ping only. When we ping a windows machine we get a TTL of 128 and unix other operating systems gives some other value. I am just trying to understand why windows TTL is set to such a low when compared to unix and other OS ttls. Don't microsoft wants to travel their packets more than 128 hops by default or it is some sort of safely measure?

          Comment


          • #6
            Re: Why TTL in windows is 128

            I suspect it comes down to different peoples idea of a suitable value that is large enough to find a host but not too large that it (as stated above) floods the internet
            As a non-unix person, could you tell me what value that OS uses?
            Tom Jones
            MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
            PhD, MSc, FIAP, MIITT
            IT Trainer / Consultant
            Ossian Ltd
            Scotland

            ** Remember to give credit where credit is due and leave reputation points where appropriate **

            Comment


            • #7
              Re: Why TTL in windows is 128

              >I suspect it comes down to different peoples idea of a suitable
              > value that is large enough to find a host but not too large that it
              > (as stated above) floods the internet

              Sounds reasonable.

              >As a non-unix person, could you tell me what value that OS uses?

              I know solaris has 256 as default TTL and someone mentioned in http://www.sysadmin-network.com/prof...the-machine-os that few unix flavors has as low as 64.

              Thanks,
              Sitaram

              Comment


              • #8
                Re: Why TTL in windows is 128

                But I am surprised, why it has not became a industry standard as this directly effects the machine reachability over internet. So, is it recommended to use a solaris box than a windows box internet which has high TTL and more people can reach me over internet?

                Comment


                • #9
                  Re: Why TTL in windows is 128

                  It is nothing to do with the target machine, purely with the one sending the Pings
                  Tom Jones
                  MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
                  PhD, MSc, FIAP, MIITT
                  IT Trainer / Consultant
                  Ossian Ltd
                  Scotland

                  ** Remember to give credit where credit is due and leave reputation points where appropriate **

                  Comment


                  • #10
                    Re: Why TTL in windows is 128

                    > It is nothing to do with the target machine, purely with
                    > the one sending the Pings

                    Looks like out statements are contradicting...

                    If I ping from machine A to machine B, the ping output shows the TTL of machine B(destination) not the machine A(source) from where I initiated the ping commander. Am I missing anything here?

                    Comment


                    • #11
                      Re: Why TTL in windows is 128

                      Originally posted by charlsteve View Post
                      > It is nothing to do with the target machine, purely with
                      > the one sending the Pings

                      Looks like out statements are contradicting...

                      If I ping from machine A to machine B, the ping output shows the TTL of machine B(destination) not the machine A(source) from where I initiated the ping commander. Am I missing anything here?
                      Are you sure???

                      My understanding of this is that when you ping a machine the originator sets the TTL.

                      Comment


                      • #12
                        Re: Why TTL in windows is 128

                        Check this thread, particularly post 13
                        http://www.webhostingtalk.com/showthread.php?t=48270
                        Tom Jones
                        MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
                        PhD, MSc, FIAP, MIITT
                        IT Trainer / Consultant
                        Ossian Ltd
                        Scotland

                        ** Remember to give credit where credit is due and leave reputation points where appropriate **

                        Comment


                        • #13
                          Re: Why TTL in windows is 128

                          TTL value is part of the originating packet but also most routers slim this value down to 32 so it doesn't really matter what the original value is.
                          I am not sure where from but i remember this old cliche that you can reach any machine on the internet with less than 32 hops. (Hopefully less but you wouldn't want that to be any higher than that)
                          Caesar's cipher - 3

                          ZKHQ BRX HYHQWXDOOB GHFLSKHU WKLV BRX ZLOO UHDOLVH LW ZDV D ZDVWH RI WLPH!

                          SFX JNRS FC U6 MNGR

                          Comment


                          • #14
                            Re: Why TTL in windows is 128

                            Hey guys...I did a small test to see if the originating machine applies the TTL.

                            I am sitting on a windows XP machine and trying to ping locally.

                            C:\>ping localhost

                            Pinging myhost.domain.com [127.0.0.1] with 32 bytes of data:

                            Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
                            Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
                            Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
                            Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

                            Ping statistics for 127.0.0.1:
                            Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
                            Approximate round trip times in milli-seconds:
                            Minimum = 0ms, Maximum = 0ms, Average = 0ms

                            C:\>

                            Now I am trying to ping one solaris machine which is in my local network.

                            C:\>ping mysolaris

                            Pinging mysolaris.domain.com [10.10.10.1] with 32 bytes of data:

                            Reply from 10.10.10.1: bytes=32 time=17ms TTL=254
                            Reply from 10.10.10.1: bytes=32 time<1ms TTL=254
                            Reply from 10.10.10.1: bytes=32 time<1ms TTL=254
                            Reply from 10.10.10.1: bytes=32 time<1ms TTL=254

                            Ping statistics for 10.10.10.1:
                            Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
                            Approximate round trip times in milli-seconds:
                            Minimum = 0ms, Maximum = 17ms, Average = 4ms

                            C:\>

                            Look at the TTL in both cases. When I trying to ping unix machine, it is giving the TTL of unix machine itself not the windows machine. Also I tried pinging the another windows box which is in network and got 127 as TTL(decremented by 1 because of one hop)

                            This made me to realize that TTL we are seeing is of destination machine.

                            Comment


                            • #15
                              Re: Why TTL in windows is 128

                              Yes, the TTL in the ICMP echo reply is the TTL from the host being pinged.

                              I'm taking a guess that part of the reason that Windows uses a TTL of 128 is to:

                              Provide a differentiation between OS's as many Unix/Linux systems use 64 or 256 as their TTL.

                              Provide a rudimentary means of determining the distance in hops between two hosts. for instance, I pinged my office firewall from home and got a TTL of 44. Now I know that my firewall is Linux based so I guessed that the TTL of the firewall was 64 and that there were twenty hops between it and me. When I performed a tracert, sure enough it was 19 hops (plus one hop for the originating host).

                              Of course this is all conjecture on my part based on my tests.

                              Also, you'll notice that Cisco devices have a TTL of 256, Unix/Linux devices have a TTL of 64 or 256, and Windows devices have a TTL of 128.
                              Last edited by joeqwerty; 7th July 2009, 13:02.

                              Comment

                              Working...
                              X