Printable View
I have been studying up on OS fingerprinting and I have hit a part where I scratch my head, and need some outside advice. From all of the stuff I have read it says that most *nix based OS's will return a TTL value of 255 in an ICMP echo reply. This is fine but for one thing, I am running slack 9.1 and it returns 64. Which Kernel did they change it back to 64? Or did theynot and I am an idiot. I am just wondering. Thanks for the help.
Genetic unixes may in fact be 255, but to my recollection linux has always been 64. All my slack boxes (dating back to slack 7) here return 64.
Thank you very much chsh. I was a bit confused because something I read stated that 2.4.x kernels returned 255. Anyways thanks again for the answer.
RedHat 6.2 - 9.0, Fedora and Enterprise Linux all return 64. You must be an idiot. ;)
FreeBSD also uses a default TTL of 64. This can easily be changed:
Just beware the TTL on the echo-reply is the one used by the remote host.Code:sysctl net.inet.ip.ttl=128
If you receive TTLs back of say 126 you're probably pinging a windows host.
AFAIK most windows versions use a default TTL of 128.