TTL is IP packets of a value, it tells network, packets in networks that time is too long and should be discarded. There are many reasons that bag in a certain period can be passed to the destination. The solution is after period of time, and then cast this package to sender a message by the sender will determine whether retransmission. TTL initial value is usually system default value, is the 8 bits of baotou domain. TTL originally conceived is fix a time range, exceed the time put packet-discard. Since each router has at least a TTL domain minus one, TTL usually expressed wrapped in abandoned most of the router can pass before the number. When numeration to 0, the router decided to discard the packets, and send an ICMP messages to the first sender.
Basic introduction
TTL: (a) survival Time To Live
Designated packets were allowed to pass before the router discarded segment of the population.
TTL is by sending hosting setup to prevent unceasingly in the IP packets on Internet, never ended cycle. Forwarding IP packets, request router at least will decrease 1. TTL
When using the PING involves the ICMP messages type
A Request for ICMR echoing (ICMP Echo that)
A for ICMP echoing response (ICMP echors Reply)
TTL field values can help us identify operating system type.
UNIX and class the UNIX operating system ICMP echoing response of TTL field values for 255
Compaq Tru64 5.0 ICMP echoing response of TTL field values for 64
Microsoft Windows NT / 2K operating system ICMP echoing response of TTL field values for 128
Microsoft Windows 95 operating system ICMP echoing response of TTL field values for 32
Of course, returning TTL value is the same
But in some cases have special
LINUX Numbers 2.2. X & 2.4. X ICMP echoing response of TTL field values for 64
FreeBSD 4.1, 4.0, 3.4,
From Solaris 2.5.1 and 2.6, 2.7 2.8,
OpenBSD 2.6, 2.7,
NetBSD
HP UX 10.20
ICMP echoing response of TTL field values for 255
Windows 95/98/98SE
Windows ME
ICMP echoing response of TTL field values for 32
Windows NT4 WRKS
Windows NT4 Server
Windows 2000 Windows XP
ICMP echoing response of TTL field values for 128
In this way, we can use this method to distinguish the operating system
TTL value registry position HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Services for \ Tcpip \ possible one of the DefaultTTL DWORD value, the data is the default TTL value, we can modify, but not greater than a decimal 255
The Ping of TTL
For example:
The following is the ping shuguang blog return values:
C: \ Documents and Settings \ user > ping
Pinging 66.235.202.42] [bytes of data: 32.
In Reply 66.235.202.42:32 bytes = a = 254ms TTL = 51
In Reply 66.235.202.42:32 bytes = a = 256ms TTL = 51
That timed out.
In Reply 66.235.202.42:32 bytes = a = 260ms TTL = 51
The Ping 66.235.202.42: statistics.
Packets: enclosedhere = = 3, 4, wait Lost = 1 (25% loss),
Approximate round trip is to send in milli - seconds:
Minimum = 254ms, can 260ms, Average = = 256ms
From the results can be seen in the dawn blog server IP address is: 66.235.202.42, time used is 256ms etc, the TTL etc and 51 what meaning be?
TTL is survival time of meaning, that the ping packets can exist on the Internet, how much time. When the network hosts on the ping operations, local machine can make a packet, packets through a certain quantity of the router sends to its destination, but due to many reasons, some packet not normal to teleport to its destination, that if we do not give these packets a survival time, then these packets will always on the network transmission, leads to the increase of network overhead. When packet transmitted to a router after TTL automatically minus 1, if reduced to 0 or not transmit to its destination, then automatically lost. Like above the ping shuguang my blog, appear so that third timed out, increase TTL to reduce the network resources consumption. By default, Linux system of TTL value for 64 or 255, Windows NT / 2000 / XP system of TTL value for 128, Windows 98 system of TTL value for 32, UNIX host TTL value for 255. (this is the network found on), shuguang blog host is the purpose of using FreeBSD systems (may have replaced), where it is possible to TTL value is 64, instead of UNIX host, be in so 255 from here to its destination after 64-51 = 13 routing. When I do not know its destination of the operation system we can according to TTL to guess, but not necessarily 100% accurate, if the goal host is the Windows, but after such as 75 router, then TTL return values is 128-75 = 53, then you may think this purpose host is the Linux system, but it is not the average after so many routers, so by the judge purpose of host TTL operating system or have certain basis.
No comments:
Post a Comment