LINUX.IE, website of the Irish Linux Users' Group
Tux rules!

   
Home
New Users
Articles
Download
Projects
Community
Vendors

  Print Version
Email to...
 
Archives:


planetILUG

Recent News

News Archive


Join the
ILUG
on FaceBook


Join the
ILUG
on LinkedIn


Join the
ILUG SETI
Group



















 
 :: Mailing Lists

[ILUG] Firewall - how to read log?

[ILUG] Firewall - how to read log?

Dermot Hanley dhanley at irish-times.com
Wed Jan 19 02:44:28 GMT 2000 

> On Wed, Jan 19, 2000 at 01:16:45AM -0000, Dermot Hanley wrote:
> > T=237 : this is time to live (TTL) which is the maximum time
> the packet is
> > allowed to remain in the internet system, in this case it's 237 seconds
> > (after which is should be destroyed/dropped).
>
> The TTL is not measured in seconds.  It's measured in hops.  Each
> router or host that forwards the packet is supposed to decrement this
> field and drop the packet when it hits zero.

Sorry I should have mentioned hops in there, but...

Internet Protocol, RFC791, Page 13

TTL defined...
    "This field indicates the maximum time the datagram is allowed to
    remain in the internet system.  If this field contains the value
    zero, then the datagram must be destroyed.  This field is modified
    in internet header processing.  The time is measured in units of
    seconds, but since every module that processes a datagram must
    decrease the TTL by at least one even if it process the datagram in
    less than a second, the TTL must be thought of only as an upper
    bound on the time a datagram may exist.  The intention is to cause
    undeliverable datagrams to be discarded, and to bound the maximum
    datagram lifetime."

So the TTL isn't a strict remaining hop count as nodes can decrease the TTL
by more than one unit, e.g. depending on the time the packet was queued in a
router. The "spirit" of the field is to express both a maximum time (hence
seconds were chosen to express the unit) coupled with maximum node hop.

Regards,
Dermot (with assistence from 7 week old baby Ciara)

More information about the ILUG mailing list
Read this without the formatting.
                                                                                                    

  

Hosted by HEAnet


 Maintained by the ILUG website team. The aim of Linux.ie is to support and help commercial and private users of Linux in Ireland. You can display ILUG news in your own webpages, read backend information to find out how. Networking services kindly provided by HEAnet, server kindly donated by Dell. Linux is a trademark of Linus Torvalds, used with permission. No penguins were harmed in the production or maintenance of this highly praised website. Looking for the Indian Linux Users' Group? Try here. If you've read all this and aren't a lawyer: you should be!
RSS Version
Powered by Dell