First outline the TTL (Time To Live), right!
TTL translates network lifetime, that is a network packet, the number of hops it forwards in the network equipment (network equipment generally refers to here is a router), the default value is 64, there are a lot of settings for 128, or you can set 255 or less, so sometimes see some of the TTL value is greater than 64 would not be surprised. Each time through the route, the TTL value will generally -1, such as the original 64 is, after one route, becomes a 63.
TTL main role is to avoid infinite loops IP packet and packet data transceivers in the network, and enables the sender of the IP packet to receive alarm message (this is not the focus of this article, not specifically described, the network number, can be search about themselves).
TTL field exists in the IP layer protocol, so we can look into the field in IP packet layer, see figure (packet figure is I readily downloaded over a network)
Seen on FIG. 64 is a Time To Live, indicating the source host and the destination host on the same network segment, without routing forwarding, the machine is even.
Time To Live above packet is 251, indicating that the source host TTL should be set to 255. (I think no one should deliberately set a wonderful value 251, 253, right ...)
That basic introduction on here, now is that TTL play, how to see it to troubleshoot network problems.
First, in some professional generally inside the network, we will have a corresponding network topology. But when you get the network topology, which is not really the case of network topology and on the unanimous? This requires verification, and this time we can ping (set some strategies on some hosts will not respond to ping message) or whether to observe the distribution and topology map based on a host of data packets between two hosts in TTL the same situation.
The figure is a TTL value that appears when the ping:
As in the above TTL packet has examples, not given.
Sometimes you find, TTL and network topology it will be inconsistent, especially in the case of complex networks, and network time for a long time, and after which the modified descendants of the network, often all kinds of strange problems.
There are no networks in some of the network topology, the network may be very simple beginning, no, but slowly added a lot of network equipment, also changed the structure of the network, this time, we can also use the network to verify whether the TTL correct. He said one way, if you feel this observation is not clear, Linux can be used in the windows and using the traceroute command tracert command to print a clear path to the network, as shown below:
In addition there will be a situation, a network packet is arrested, such as the following figure:
In the figure is 10.0.0.1 and 10.0.0.2 communication, TTL is 255, it is likely you will still find some of the data packet is sent 10.0.0.2, but a big difference TTL, that there may be redirected to the network path, visit another server, or other servers to be hijacked. Therefore, analysis of network data, we also need to look at the TTL value is abnormal.