ICMP TTL Expired message received"

ICMP TTL Expired messages were received, indicating that there is a router loop. In this case, the path to the target hop is most likely broken.

Recommended action

Run ping with various TTL parameters to establish which IP addresses are involved in a routing loop. For example "ping failingtarget.com -i 255", "ping failingtarget.com -i 254", "ping failingtarget.com -i 253" and so on. Record which routers are responding, and once a pattern of failing routers is established, check each router's routing tables to find the loop.

Detailed explanation

There is a TTL or "Time-To-Live" field in the IP header (layer 3) of each packet. Delivery monitoring uses this field in its traceroute phase to determine the route taken by a packet to its destination. It does this by sending packets with varying TTL (Time To Live) values to the destination and listens for responses. Each router along the path is required to decrement the TTL on a packet by one before forwarding it, so the TTL is effectively a hop count. When the TTL value on a packet reaches 0, the router is supposed to send back an ICMP "TTL expired" message.

In this case, the TTL Expired messages were received during a test phase when TTLs are initially set to high values, e.g. 128 or higher. It is unreasonable to have a network with 128 router hops, therefore this is an indication of a router loop.

Possible secondary messages

  • "Routing loop may be causing packets to be lost"

Other resources