I have been largely looking at packet captures for tcp streams. today I noticed that I was oddly getting icmp ttl exceeded messages back on the network from various devices on the path when I wasn't even pinging...

I have to admit parsing icmp is not in my skillset. Is there useful information in the icmp messages in this capture?

http://snapon.lab.bufferbloat.net/~d/ttl_exceeded.cap

--
Dave Täht

Fixing bufferbloat with cerowrt: http://www.teklibre.com/cerowrt/subscribe.html