Tips & Tricks

Using Ping TTLs Values to Fingerprint Operating Systems


Using Ping

You can start by pinging your target system.

ping <targetIP>

Take a look at the returned TTL value. As long as you’re able to ping the host directly without going through dozens of hops, the returned TTL should give you a hint as to what OS the system is running.

  • Windows by default will return a value near 32 or 128.
  • Linux by default will return a value near 63 or 64.

The TTL value will decrease by one for every hop that it takes. You can always run a tracert against the target to make note of the number of hops if you’re ever in doubt.

You can find more details of other operating system at https://subinsb.com/default-device-ttl-values/

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s