While looking through log output, I noticed the TTL is different when communicating to internal / external locations. But what caught my attention was the TTL Windows used for two devices on the same network. I understand what the TTL is used for, but how the TTL is chosen is what eludes me. I've done some poking around and obviously haven't poked into the correct place, but what is the logic behind Windows choosing the TTL to use when sending packets? Below is a PING to two systems on the same network, but Windows chose a different TTL for each device. Both devices are 3 (logical) hops from me, which both TTL's show. (All masks are 20 bits.) 10.64.175.253 = router 10.64.0.7 = router [start of GRE tunnel] 10.208.224.1 = router [end of GRE tunnel] 10.208.224.63 = client node beyond the router Dumb ASCII art. [Client]--[10.64.175.253]--[10.64.0.7]--IPSECtunnel--[10.208.224.1]--[10.208.224.63] c:\>ping -n 2 10.208.224.1 Reply from 10.208.224.1: bytes=32 time=217ms TTL=253 Reply from 10.208.224.1: bytes=32 time=176ms TTL=253 c:\>ping -n 2 10.208.224.63 Reply from 10.208.224.63: bytes=32 time=234ms TTL=61 Reply from 10.208.224.63: bytes=32 time=253ms TTL=61 c:\>tracert 10.208.224.63 Tracing route to 10.208.224.63 over a maximum of 30 hops 1 <1 ms <1 ms <1 ms 10.64.175.253 2 24 ms 10 ms 55 ms 10.64.0.7 3 271 ms 280 ms 229 ms 10.208.224.63 TIA, Robert
