Re: IP TTL Field Value with ICMP (Oops - Identifying Windows 2000 again and more)
From: Frank Knobbe <FKnobbe () KNOBBEITS COM>
Date: Fri, 1 Sep 2000 13:14:19 -0500
From: Ofir Arkin [mailto:ofir () ITCON-LTD COM]
Sent: Thursday, August 31, 2000 6:40 AM
- Windows 95/98/98SE/ME/NT4 WRKS SP3,SP4,SP6a/NT4 Server SP4
- all using 32
as their IP TTL field value with ICMP Echo requests.
What if we do not get a match?
Then we know that someone changed the default TTL field value in
Please note that some networking devices might have values
similar to those
Some might say that setting the default TTL value with ICMP could
be altered. True. Just do it!
Windows NT uses 128 as the default. This can (and should) be changed
with the following Registry key entry:
DefaultTTL REG_DWORD 1–255 seconds
Default: Windows NT 4.0 128
Windows NT 3.51 and earlier 32
Specifies the default Time To Live (TTL) value set in the header of
outgoing IP packets. The TTL determines the maximum amount of time an
IP packet can live on the network without reaching its destination.
It limits the number of routers an IP packet can pass through before
Windows NT does not add this value to the Registry. You can add it by
editing the Registry or by using a program that edits the Registry.
There are many more important and interesting IP settings. For more
information, consult the file REGENTRY.HLP that comes with the
Windows NT Resource Kit.
BTW: My NT machines appear to be Unix ;)
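Added example, not part of the original posts: a sketch of how TTL-based identification rounds an observed TTL up to a known initial value, and why a changed DefaultTTL moves an NT host into a different bucket. The function names, the constructed packets and the 64 and 255 entries are assumptions of this example; only 32 and 128 come from the thread.

```python
import struct

# 32 and 128 are the defaults quoted in the post above. 64 and 255 are
# assumptions added for this example (common defaults of other stacks).
INITIAL_TTLS = {
    32: "Windows NT 3.51 and earlier, or the Windows ICMP Echo list above",
    64: "assumed: typical Unix-like default",
    128: "Windows NT 4.0 default",
    255: "assumed: some Unix stacks and network devices",
}

def parse_ipv4(packet):
    """Return (ttl, protocol) from a raw IPv4 header after basic validation."""
    if len(packet) < 20:
        raise ValueError("shorter than a minimal IPv4 header")
    version, ihl = packet[0] >> 4, packet[0] & 0x0F
    if version != 4 or ihl < 5 or len(packet) < ihl * 4:
        raise ValueError("not a well-formed IPv4 header")
    return packet[8], packet[9]

def guess_initial_ttl(observed):
    """Round an observed TTL up to the nearest known initial value."""
    if not 1 <= observed <= 255:
        raise ValueError("TTL out of range")
    initial = min(t for t in INITIAL_TTLS if t >= observed)
    return initial, initial - observed  # (initial TTL, hops travelled)

def classify(packet):
    """Summarise what the TTL of one received packet suggests."""
    ttl, proto = parse_ipv4(packet)
    initial, hops = guess_initial_ttl(ttl)
    return {"ttl": ttl, "icmp": proto == 1, "initial": initial,
            "hops": hops, "guess": INITIAL_TTLS[initial]}

def build_header(ttl, proto=1):
    """Constructed sample: minimal IPv4 header, checksum left at zero."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, ttl, proto, 0,
                       bytes([192, 0, 2, 10]), bytes([192, 0, 2, 20]))

if __name__ == "__main__":
    # Same host nine hops away: stock NT 4.0, then DefaultTTL set to 64.
    for ttl in (128 - 9, 64 - 9):
        print(classify(build_header(ttl)))
```

The rounding step is also why the heuristic fails once a host is more hops away than the gap between two initial values: an NT 4.0 packet arriving with a TTL of 64 or less is no longer distinguishable from the lower bucket.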