In Windows the default TTL is 128 while in Ubuntu it is 64.

I always asked the question by what principle these values were chosen, and not for example 255?


I always asked the question by what principle these values were chosen, and not for example 255?

TTL's default value is less than its maximum possible value (255) on most OS, because it reduces the overhead of having to wait for a packet that cannot reach its destination, leading to reducing the TTL to 0. There isn't really any point in using a TTL of 255, besides for diagnostic purposes.

Let us take a look at what TTL is first:

Time to live (TTL) or hop limit is a mechanism that limits the lifespan or lifetime of data in a computer or network.

The TTL field is set by the sender of the datagram, and reduced by every router on the route to its destination.

In today's age, packets arrive at most of their destinations after no more than 10-15 hops. And this is because this is the way the world network is built. Most Internet Service Providers have many of the other ISPs' networks in their routing tables and packets mostly get sent through the shortest or fastest route to their destination. This is achieved thanks to external routing protocols like BGP (Border Gateway Protocol).

Because of this reason, the IETF (Internet Engineering Task Force) published a recommended default value for time to live, which is 64, in their RFC 1700: Assigned Numbers.
There is simply no reason to have TTL set to 255. If packets can find their destination, they'll arrive there with no more than (mostly) 10-15 hops. Rare occasions are for packets to go through more than 20 hops.

Thus, if a packet can't reach its destination, it will keep retrying until its TTL drops to 0. If the default TTL value is set to 255, then the packet will be dropped after 255 retries. If set to 64, it will be dropped after 64 retries. And chances are, that if the packet hasn't arrived to its destination after 64 hops, it most likely will never arrive there. So to reduce overhead and I/O when a packet is timing out, the recommended value for TTL is reduced, so it can reach the ICMP Time Exceeded error message faster and get dropped, so it won't be processed anymore.

Different operational systems have different default values for TTL set. Most OS tend to follow IETF's recommendation for the default value of 64 (which is a good practice), however, others set different values according to their beliefs. It's a matter of choice. Here you can see the default TTL values for most operational systems. There are some with 30, others with even 128 (like Windows).

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service, privacy policy and cookie policy

Not the answer you're looking for? Browse other questions tagged or ask your own question.