residual TTL in ICMP

Posted by: Jan Galkowski

residual TTL in ICMP - 09/21/10 03:02 PM

(I searched for this topic but found nothing.)

Paths to nodes may be asymmetric. One way of detecting this modulo path length is to decode the residual TTL in the return ICMP packet. Based upon source OS characteristics, this TTL is initialized at different values. The difference between the final value and these initialization values in the case of the correct (guess of) OS gives the number of hops from the end to the beginning. If this number of hops differs from the outgoing number of hops, then there is a path asymmetry, and knowing this is useful.