Linux TTL values.
Results 1 to 5 of 5

Thread: Linux TTL values.

  1. #1
    Senior Member
    Join Date
    Jun 2004
    Posts
    112

    Linux TTL values.

    I have been studying up on OS fingerprinting and I have hit a part where I scratch my head, and need some outside advice. From all of the stuff I have read it says that most *nix based OS's will return a TTL value of 255 in an ICMP echo reply. This is fine but for one thing, I am running slack 9.1 and it returns 64. Which Kernel did they change it back to 64? Or did theynot and I am an idiot. I am just wondering. Thanks for the help.

  2. #2
    Senior Member
    Join Date
    Nov 2001
    Posts
    1,255
    Genetic unixes may in fact be 255, but to my recollection linux has always been 64. All my slack boxes (dating back to slack 7) here return 64.
    Chris Shepherd
    The Nelson-Shepherd cutoff: The point at which you realise someone is an idiot while trying to help them.
    \"Well as far as the spelling, I speak fluently both your native languages. Do you even can try spell mine ?\" -- Failed Insult
    Is your whole family retarded, or did they just catch it from you?

  3. #3
    Senior Member
    Join Date
    Jun 2004
    Posts
    112
    Thank you very much chsh. I was a bit confused because something I read stated that 2.4.x kernels returned 255. Anyways thanks again for the answer.

  4. #4
    Master-Jedi-Pimps0r & Moderator thehorse13's Avatar
    Join Date
    Dec 2002
    Location
    Washington D.C. area
    Posts
    2,884
    RedHat 6.2 - 9.0, Fedora and Enterprise Linux all return 64. You must be an idiot.
    Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
    Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden

  5. #5
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,401
    FreeBSD also uses a default TTL of 64. This can easily be changed:
    Code:
    sysctl net.inet.ip.ttl=128
    Just beware the TTL on the echo-reply is the one used by the remote host.
    If you receive TTLs back of say 126 you're probably pinging a windows host.
    AFAIK most windows versions use a default TTL of 128.
    Oliver's Law:
    Experience is something you don't get until just after you need it.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •