[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Sflow NAT detection.



On Thursday 24 April 2003 15:14, Mike Frantzen wrote:
> Or just hardcode the TTL to 255.
There's another way, but you need to set it on every-natted-box.
# sysctl -a | grep ttl
net.inet.ip.ttl = 64
As you can note default TTL is always 2^x, so we add 1 that will be removed by 
the NAT box.
# sysctl -w net.inet.ip.ttl=65
net.inet.ip.ttl: 64 -> 65
Now looking from the outside your packets seems to be sent directly from the 
NAT box. This is the solution if you have the same OS on _every_ natted box.
If there are different natted OS you have to choose a global TTL and add 1.
This must be set on every-natted-box.
Note: I don't know if is possible to use regedit to alter Windows TTL.
 Ed