Operating Systems can be detected using Ping Command, Ping is a computer network administration software utility, used to find the Availability of a host on an Internet Protocol (IP) network.
Ping operates by sending Internet Control Message Protocol (ICMP) Echo Request packets to the target host and waiting for an ICMP Echo Reply.
TTL is simply meant, how long a resolver is supposed to cache the DNS query before the query expires and a new one needs to be done.
These TTL values differ between the Operating system. Here you find the TTL value for the Range of servers. Reference subinsb.
Device / OS | Version | Protocol | TTL |
AIX | TCP | 60 | |
AIX | UDP | 30 | |
AIX | 3.2, 4.1 | ICMP | 255 |
BSDI | BSD/OS 3.1 and 4.0 | ICMP | 255 |
Compa | Tru64 v5.0 | ICMP | 64 |
Cisco | ICMP | 254 | |
DEC Pathworks | V5 | TCP and UDP | 30 |
Foundry | ICMP | 64 | |
FreeBSD | 2.1R | TCP and UDP | 64 |
FreeBSD | 3.4, 4.0 | ICMP | 255 |
FreeBSD | 5 | ICMP | 64 |
HP-UX | 9.0x | TCP and UDP | 30 |
HP-UX | 10.01 | TCP and UDP | 64 |
HP-UX | 10.2 | ICMP | 255 |
HP-UX | 11 | ICMP | 255 |
HP-UX | 11 | TCP | 64 |
Irix | 5.3 | TCP and UDP | 60 |
Irix | 6.x | TCP and UDP | 60 |
Irix | 6.5.3, 6.5.8 | ICMP | 255 |
juniper | ICMP | 64 | |
MPE/IX (HP) | ICMP | 200 | |
Linux | 2.0.x kernel | ICMP | 64 |
Linux | 2.2.14 kernel | ICMP | 255 |
Linux | 2.4 kernel | ICMP | 255 |
Linux | Red Hat 9 | ICMP and TCP | 64 |
MacOS/MacTCP | 2.0.x | TCP and UDP | 60 |
MacOS/MacTCP | X (10.5.6) | ICMP/TCP/UDP | 64 |
NetBSD | ICMP | 255 | |
Netgear FVG318 | ICMP and UDP | 64 | |
OpenBSD | 2.6 & 2.7 | ICMP | 255 |
OpenVMS | 07.01.2002 | ICMP | 255 |
OS/2 | TCP/IP 3.0 | 64 | |
OSF/1 | V3.2A | TCP | 60 |
OSF/1 | V3.2A | UDP | 30 |
Solaris | 2.5.1, 2.6, 2.7, 2.8 | ICMP | 255 |
Solaris | 2.8 | TCP | 64 |
Stratus | TCP_OS | ICMP | 255 |
Stratus | TCP_OS (14.2-) | TCP and UDP | 30 |
Stratus | TCP_OS (14.3+) | TCP and UDP | 64 |
Stratus | STCP | ICMP/TCP/UDP | 60 |
SunOS | 4.1.3/4.1.4 | TCP and UDP | 60 |
SunOS | 5.7 | ICMP and TCP | 255 |
Ultrix | V4.1/V4.2A | TCP | 60 |
Ultrix | V4.1/V4.2A | UDP | 30 |
Ultrix | V4.2 – 4.5 | ICMP | 255 |
VMS/Multinet | TCP and UDP | 64 | |
VMS/TCPware | TCP | 60 | |
VMS/TCPware | UDP | 64 | |
VMS/Wollongong | 1.1.1.1 | TCP | 128 |
VMS/Wollongong | 1.1.1.1 | UDP | 30 |
VMS/UCX | TCP and UDP | 128 | |
Windows | for Workgroups | TCP and UDP | 32 |
Windows | 95 | TCP and UDP | 32 |
Windows | 98 | ICMP | 32 |
Windows | 98, 98 SE | ICMP | 128 |
Windows | 98 | TCP | 128 |
Windows | NT 3.51 | TCP and UDP | 32 |
Windows | NT 4.0 | TCP and UDP | 128 |
Windows | NT 4.0 SP5- | 32 | |
Windows | NT 4.0 SP6+ | 128 | |
Windows | NT 4 WRKS SP 3, SP 6a | ICMP | 128 |
Windows | NT 4 Server SP4 | ICMP | 128 |
Windows | ME | ICMP | 128 |
Windows | 2000 pro | ICMP/TCP/UDP | 128 |
Windows | 2000 family | ICMP | 128 |
Windows | Server 2003 | 128 | |
Windows | XP | ICMP/TCP/UDP | 128 |
Windows | Vista | ICMP/TCP/UDP | 128 |
Windows | 7 | ICMP/TCP/UDP | 128 |
Windows | Server 2008 | ICMP/TCP/UDP | 128 |
Windows | 10 | ICMP/TCP/UDP | 128 |
We should run the traceroute command first to determine the hops between the Target and the destination.
tracert gbhackers.com
Total number of hops = 11
Now Ping the Domain ping gbhackers.com
TTL value is TTL=53, By making the Sum of the TTL value and the number of hops we can define the operating system (53 + 11 = 64), and we can conclude that there is a Linux Machine Running.
This is how Operating Systems can be detected using Ping Command.
You can follow us on Linkedin, Twitter, and Facebook for daily Cybersecurity and Hacking New updates.
Two significant security vulnerabilities in generative AI systems have been discovered, allowing attackers to bypass…
AI-generated medical scams across TikTok and Instagram, where deepfake avatars pose as healthcare professionals to…
The cybersecurity landscape faces an escalating crisis as AgeoStealer joins the ranks of advanced infostealers…
The cybersecurity landscape has changed dramatically in recent years, largely due to the introduction of…
In the ever-evolving world of cybersecurity, organizations must continuously adapt their defense strategies to stay…
Developing a strong security culture is one of the most critical responsibilities for today’s CISOs…
View Comments
traceroute -16 & ping ttl -54 for me explain the os
Thank you for your comment. Suggested method will work only if default TTL value was not Changed. Also this method fail if Datacenter routing traffic to a different subnet. Nowadays more advanced tools available for OS detection... But almost every tool will fail if Banner grabbing done in server end..
Bro, this is Krishna (OTG Hackers). Please help m eyaar. I am still waiting..
common man TTL please have a basic understanding of networking please!!TTL means "time to live". It is a value on an ICMP packet that prevents that packet from propagating back and forth between hosts ad infinitum. Each router that touches the packet decrements the TTL. If the TTL ever reaches zero, the packet is discarded. It's also a measure of how many hops the packet took. If the TTL value started at, say, 128 and you see a value of 28, then there were 100 hops between the system where the packet originated and the final destination. My guess is that the initial TTL for the ping packets was 255, so the first ping traversal took 200 hops and the second took 9.
kudos!
From TTL of 64, you blindly conclude it’s Linux? This is BS article lol