ttl rule option is used to check that the IP time-to-live (TTL) value in the IP header is less than, greater than, equal to, not equal to, less than or equal to, or greater than or equal to a specified integer value. This rule option can also check that the header's TTL value is between a range of numbers, using the
<> range operator for an exclusive range check or the
<=> for an inclusive one.
# Check that the TTL equals 64 ttl:64;
# Check that the TTL does not equal 64 ttl:!64;
# Check that the TTL is less than 3 ttl:<3;
# Check that the TTL is between 3 and 5 (inclusive) ttl:3<=>5;
# Check that the TTL is equal to 5 ttl:=5;