All the recent discussion about mDNS caused me to fire up Wireshark, to look at some mDNS packets. I have seen several queries and responses. The queries have a TTL of 1, which is per spec, but the responses have 255. Why is this? Multicast addresses in the 224.0.0.0/24 range are supposed to only have a TTL of 1. The IPv4 address for mDNS is 224.0.0.251. Typical TTL for outgoing packets is 64. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 12/07/2017 02:20 PM, James Knott wrote:
All the recent discussion about mDNS caused me to fire up Wireshark, to look at some mDNS packets. I have seen several queries and responses. The queries have a TTL of 1, which is per spec, but the responses have 255. Why is this? Multicast addresses in the 224.0.0.0/24 range are supposed to only have a TTL of 1. The IPv4 address for mDNS is 224.0.0.251. Typical TTL for outgoing packets is 64.
I suspect I know the answer. In IPv6, packets that are intended for the local link only have a TTL of 255. This is to reduce the risk of attacks by ensuring the packet came from the local link. This can be determined because a TTL of 255 would require a router pass a packet with a TTL of 0, which is then decremented to 255. However, a router is supposed to discard a packet with TTL 0. I didn't know the same was being used on IPv4. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
participants (1)
-
James Knott