On Linux this is easy to do. Is it possible on Windows?

Clarification: I want to increment the TTL for all incoming packets.

+3  A: 

If you mean the default (as opposed to specific for a given packet), the registry entry is:

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters]
    DefaultTTL

and can be set to 1 through 255.

And, I'm reliably informed by Vinko Vrsalovic (thanks), you can also set it for each interface by modifying the DefaultTTL key in:

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters
    \Interfaces\<InterfaceID>]

Following edit of question:

For incoming packets, the TTL is attached to a packet header when it's created at the source and decremented by the TCP/IP stack for each hop. You could write a program that will absorb the packet and create a new one but it requires low-level access to the TCP/IP stack (absorbing the packet regardless of the destination IP address and creating a new packet with a specific TTL and spoofed source address). IBM does something like this with their Edge Server load balancer, but it isn't easy. They also only have to absorb a couple of IP addresses, not an arbitrary quantity.

You also have the problem that not all packets between a source and destination will be coming through your node - that's the nature of the net and what gives it its redundancy. This may or may not be a problem for you.

paxdiablo
It can also be set on each interface by setting it under Parameters\Interfaces\<InterfaceID>
Vinko Vrsalovic
@Vinko, you could have just edited the answer directly, I wouldn't have minded.
paxdiablo
@Pax: I don't think editing other people's answers in a way that changes their content is the right thing to do (nor is incorporating other people's comments into your answer and then deleting the comments)
Mitch Wheat
I understand your suggestion but I want to change the TTL value for incoming traffic
Andrei Savu
@Mitch, I didn't delete the comment, as you can see. I do delete comments when they no longer make sense, such as when they point out an error that I then fix (I think that's what you're referring to from a question a while ago). But I always try to attribute the source, even then.
paxdiablo
@Andrei, the TTL is attached to a packet header when it's created. You can write a program that will absorb the packet and create a new one but it requires low-level access to the IP stack. IBM does something similar with their Edge Server load balancer - it isn't easy.
paxdiablo
And @Mitch, from the FAQ: "Like Wikipedia, this site is collaboratively edited. If you are not comfortable with the idea of your questions and answers being edited by other trusted users, this may not be the site for you." What @Vinko suggested to add didn't change content but added to it.
paxdiablo
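Added example, not part of the original answer or comments: the answer describes rewriting the TTL of packets that were created elsewhere. This Python example shows what that means at the IPv4 header level, where the header checksum covers the TTL byte and has to be recomputed after the change. The sample packet, its addresses and all function names are constructed for illustration; capturing and re-injecting packets on Windows is outside its scope.

```python
import struct

def ipv4_checksum(header: bytes) -> int:
    """RFC 1071 one's-complement checksum over 16-bit words."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def header_is_valid(packet: bytes) -> bool:
    """A correct header, summed with its checksum field in place, yields 0."""
    ihl = (packet[0] & 0x0F) * 4
    return ipv4_checksum(packet[:ihl]) == 0

def rewrite_ttl(packet: bytes, delta: int) -> bytes:
    """Copy of packet with TTL changed by delta (clamped to 1..255)."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or len(packet) < ihl:
        raise ValueError("bad header length")
    if not header_is_valid(packet):
        raise ValueError("header checksum mismatch on input")
    hdr = bytearray(packet[:ihl])
    hdr[8] = max(1, min(255, hdr[8] + delta))      # byte 8 is the TTL
    hdr[10:12] = b"\x00\x00"                       # zero checksum before summing
    struct.pack_into("!H", hdr, 10, ipv4_checksum(bytes(hdr)))
    return bytes(hdr) + packet[ihl:]               # payload untouched

def sample_packet(ttl: int = 57) -> bytes:
    """Constructed UDP-in-IPv4 packet using documentation addresses."""
    hdr = bytearray(struct.pack("!BBHHHBBH4s4s", 0x45, 0, 24, 0x1234, 0x4000,
                                ttl, 17, 0, bytes([192, 0, 2, 10]),
                                bytes([198, 51, 100, 7])))
    struct.pack_into("!H", hdr, 10, ipv4_checksum(bytes(hdr)))
    return bytes(hdr) + b"data"

if __name__ == "__main__":
    original = sample_packet()
    patched = rewrite_ttl(original, 3)
    naive = bytearray(original); naive[8] += 3     # TTL changed, checksum stale
    print("TTL", original[8], "->", patched[8])
    print("patched header valid:", header_is_valid(patched))
    print("naive edit valid:   ", header_is_valid(bytes(naive)))
```

A receiver that verifies the header checksum would drop the naive edit, which is why the TTL cannot simply be patched in place.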