TTL (Time To Live) And Fun With Mikrotik TTL Mangle

Wikipedia will be happy to explain.

In a nutshell TTL is a field in the IP header that sets how many routers a packet can traverse. If you have a routing loop and TTL didn’t exist, then the packets could indefinately loop. What’s the problem with that? Packets can travel between two routers with virtually no delay. As the packet races in a loop from router to router it consumes bandwidth and CPU resources…no good-o!

So here’s my test setup:

It's like looking at some Davinci

As a packet moves through a router the forwarding router reads the packets TTL, subtracts one from it and then forwards it on. If a packet has a TTL of one as it reaches a router it will be dropped before it has an opportunity to forward the packet. In the Mikrotik, the TTL is decremented first thing in the forward chain.

What a ping message shows for an expired TTL packet.

This would be the normal operation, but Mikrotik has a little trick up it’s port. There is a mangle rule that can be created to adjust the TTL to whatever value you want! I was thinking how fun it would be to create a routing loop…so I did. You might be surprised at how adversely a single ICMP packet can affect a router in an infinite loop. (Excuse the screaming children and the random cat noises hehe)

Screenshots for the mangle rules to set TTL to 10:

The action I set to change TTL. Increment/Decrement will use specified value to adjust by.

Here’s the code version:

1
2

/ip firewall mangle
add action=change-ttl chain=prerouting comment="" disabled=no new-ttl=set:10 protocol=icmp

So what would be an advantage of adjusting the TTL manually? You can adjust the TTL down to a lower value so that specific traffic won’t have the opportunity to travel any farther than you want. You could set the TTL on a packet to 1 as it exits the router so that only a host can exist behind your equipment.

Have fun kids!