August 17th, 2004, 03:40 AM
Linux TTL values.
I have been studying up on OS fingerprinting and I have hit a part where I scratch my head, and need some outside advice. From all of the stuff I have read it says that most *nix based OS's will return a TTL value of 255 in an ICMP echo reply. This is fine but for one thing, I am running slack 9.1 and it returns 64. Which Kernel did they change it back to 64? Or did theynot and I am an idiot. I am just wondering. Thanks for the help.
August 17th, 2004, 04:33 AM
Genetic unixes may in fact be 255, but to my recollection linux has always been 64. All my slack boxes (dating back to slack 7) here return 64.
The Nelson-Shepherd cutoff: The point at which you realise someone is an idiot while trying to help them.
\"Well as far as the spelling, I speak fluently both your native languages. Do you even can try spell mine ?\" -- Failed Insult
Is your whole family retarded, or did they just catch it from you?
August 17th, 2004, 04:39 AM
Thank you very much chsh. I was a bit confused because something I read stated that 2.4.x kernels returned 255. Anyways thanks again for the answer.
August 17th, 2004, 11:29 AM
RedHat 6.2 - 9.0, Fedora and Enterprise Linux all return 64. You must be an idiot.
Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden
August 17th, 2004, 11:38 AM
FreeBSD also uses a default TTL of 64. This can easily be changed:
Just beware the TTL on the echo-reply is the one used by the remote host.
If you receive TTLs back of say 126 you're probably pinging a windows host.
AFAIK most windows versions use a default TTL of 128.
Experience is something you don't get until just after you need it.