Using tcpdump/wireshark to capture low TTL values

We suspected a network anonaly where packets were expiring because of a low TTL value. You can capture packets with a given TTL value with the following tcpdump filter:

tcpdump -v ip and 'ip[8]<32'

This will filter out any packet with a TTL lower than 32, because the TTL byte is the 8th byte in the IP header.



Note: Replies will be formatted with PHP Markdown Extra syntax.

Name: Email (Not Required):
 
Logged IP: 18.188.68.115
To prevent spam please submit by clicking the kitten: