Tips & Tricks

Using Ping TTLs Values to Fingerprint Operating Systems

Using Ping

You can start by pinging your target system.

ping <targetIP>

Take a look at the returned TTL value. As long as you’re able to ping the host directly without going through dozens of hops, the returned TTL should give you a hint as to what OS the system is running.

  • Windows by default will return a value near 32 or 128.
  • Linux by default will return a value near 63 or 64.

The TTL value will decrease by one for every hop that it takes. You can always run a tracert against the target to make note of the number of hops if you’re ever in doubt.

You can find more details of other operating system at