TTL(time to live)生存时间
TTL字段设置了IP 数据报能够经过的最大的路由器数,TTL 字段是由发送端初始设置的,每个处理该数据报的路由器都需要将其 TTL 值减 1,当路由器收到一个 TTL 值为 0 的数据报时,路由器会将其丢弃。
TTL 字段的目的是防止数据报在选路时无休止地在网络中流动。
TTL 字段在 IP 头部的位置 如下图所示:
识别操作系统:
上表说明:
LINUX Kernel 2.2.x & 2.4.x ICMP 回显应答的 TTL 字段值为 64
Windows 2003 ICMP 回显应答的 TTL 字段值为 128
操作验证:
例如;Windows 2003下执行ping :
ping 127.0.0.1
Pinging [127.0.0.1] with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Ping statistics for 127.0.0.1:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
Linux下执行ping:
[root@linuxserver ~]# ping 127.0.0.1
PING 127.0.0.1 (127.0.0.1) 56(84) bytes of data.
64 bytes from 127.0.0.1: icmp_seq=0 ttl=64 time=0.094 ms
64 bytes from 127.0.0.1: icmp_seq=1 ttl=64 time=0.081 ms
64 bytes from 127.0.0.1: icmp_seq=2 ttl=64 time=0.081 ms
64 bytes from 127.0.0.1: icmp_seq=3 ttl=64 time=0.081 ms
64 bytes from 127.0.0.1: icmp_seq=4 ttl=64 time=0.082 ms
64 bytes from 127.0.0.1: icmp_seq=5 ttl=64 time=0.082 ms
64 bytes from 127.0.0.1: icmp_seq=6 ttl=64 time=0.080 ms
64 bytes from 127.0.0.1: icmp_seq=7 ttl=64 time=0.081 ms
64 bytes from 127.0.0.1: icmp_seq=8 ttl=64 time=0.080 ms
64 bytes from 127.0.0.1: icmp_seq=9 ttl=64 time=0.081 ms
--- 127.0.0.1 ping statistics ---
10 packets transmitted, 10 received, 0% packet loss, time 8998ms
rtt min/avg/max/mdev = 0.080/0.082/0.094/0.008 ms, pipe 2
文章参考:
《TCP/IP详解卷一:协议 》(美)W.Richard Stevens 著 机械工业出版社
http://baike.baidu.com/view/2696.htm?fr=ala0_1
http://www.bitscn.com/network/cisco/200904/160171.html