interpreting ping results

  • I'm pinging and am I'm puzzled by the result.

    C:\Users\jon>ping -t
    Pinging [] with 32 bytes of data:
    Reply from bytes=32 time=195ms TTL=46
    Reply from bytes=32 time=230ms TTL=44
    Reply from bytes=32 time=175ms TTL=45
    Reply from bytes=32 time=208ms TTL=44
    Reply from bytes=32 time=180ms TTL=46
    Reply from bytes=32 time=206ms TTL=44
    Reply from bytes=32 time=209ms TTL=44
    Reply from bytes=32 time=173ms TTL=46
    Reply from bytes=32 time=170ms TTL=46
    Reply from bytes=32 time=224ms TTL=45
    Reply from bytes=32 time=200ms TTL=45
    Reply from bytes=32 time=172ms TTL=46
    Reply from bytes=32 time=258ms TTL=44

    I vaguely understand the TTL value as the number of hops that the packet traverses to reach its destination, but I don't understand how TTL can have such a dramatic +/- 1 variance in such a short amount of time.

    Also, it seems Yahoo has some kind of rate-limiting implemented as a persistent ping will start timing out after about 20 packets. Is this normal? doesn't even reply to me!

    When pinging the TTLs are consistent.

    When pinging sometimes I get TTL=249, but usually TTL-58.

    What's going on? Are my ISP up to no good or is there a less sinister explanation?

    ibgp load balancing by one of your upstreams is a possible cause, but we have insufficient information to know. You can find this out by tracerouting... pls google for mtr and explore some more

    If you can provide your source ip (curl I can try several vantage points to see the return path options

  • Artanix

    Artanix Correct answer

    8 years ago

    Most likely this is caused by load balancing across multiple networks. Each ping will take a different path and accordingly will have a difference TTL value.

    I also read about search engine providers doing strange things with TTL, but its just going through a different route either way.

    TTL values are different when sourced from different operating systems:

    • Windows: 128
    • Linux: 64
    • Cisco: 255
    • Solaris: 255

    And yes, some sites will stop responding to ICMP after a certain amount of time, or when a rate limit is hit. I believe Google's DNS on eventually stops after a while.

License under CC-BY-SA with attribution

Content dated before 7/24/2021 11:53 AM

Tags used