What does “TTL expired in transit” mean on a ping attempt

networkingpingtcpttl

We get the message “TTL expired in transit” when we try to ping to a server in a different network segment. When we run tracert, 4 ip addresses repeat themselves indefinitely:

14    60 ms    59 ms    60 ms  xxx.xxx.xxx.2
15    83 ms    81 ms    82 ms  xxx.xxx.xxx.128
16    75 ms    80 ms    81 ms  xxx.xxx.xxx.249
17    81 ms    78 ms    80 ms  xxx.xxx.xxx.250
18    82 ms    80 ms    77 ms  xxx.xxx.xxx.2
19   102 ms   101 ms   100 ms  xxx.xxx.xxx.128
20   101 ms   100 ms    98 ms  xxx.xxx.xxx.249
21    97 ms    98 ms    99 ms  xxx.xxx.xxx.250
...

What are the basic steps for troubleshooting this error?

Best Answer

As stated in all answers above there is loop in routing that is causing TTL to expire.

Check route on the devices whose IP addresses are repeating. On Linux you can use

route -n

as root user to see current routing table. On windows you can go to cmd and use command

route print

to see current routing table. On cisco manageable switches you can use command

show ip route

Using above commands on all the four IPs that are repeating you should see which routing table is wrong. One of the four devices / hosts involved should ideally route traffic to destination you are pinging using some other gateway.

Related Solutions

Differences of the TTL value in Tracert and Ping

Why does it happen?

Some host in path filtering you traceroute

Is it any difference between the TTL value showed in ping and the TTL value of tracert ?!

no difference(ping ttl=55, tracepath ttl=back=55)... no host filtering trace

ping ya.ru
PING ya.ru (87.250.250.3) 56(84) bytes of data.
64 bytes from www.yandex.ru (87.250.250.3): icmp_seq=1 ttl=55 time=36.6 ms

 tracepath ya.ru

 ....................

 8:  l3-s550-s450.yandex.net (213.180.213.23)              97.070ms 
 9:  l3-s650-s550.yandex.net (213.180.213.29)              97.992ms 
10:  www.yandex.ru (77.88.21.3)                            91.306ms reached
     Resume: pmtu 1500 hops 10 back 55

Then when I ping google.com the returned TTL value is 45, and I assume it means that (128 - 45) / 2 hops are existed in my way to google.

No. Path = 64(default google.com ttl) - 45(ping ttl) = 19 hops

What does the TTL on a CNAME record mean

According to this message on ISC mailing list, CNAME and the record that it points to are cached by resolving name servers (sane resolving name servers) this is done to allow resolvers to be able to optimize the resolving/caching process on the client side.

So, if the CNAME TTL is valid but the A that it points to is invalid, it will only repeat the look up to the pointed record, not the original CNAME (until the CNAME TTL is up too).

Best Answer

Related Solutions

Differences of the TTL value in Tracert and Ping

What does the TTL on a CNAME record mean

Related Topic