How to determine the host's operating system based on TTL

Source: Internet
Author: User
I. What is TTL

TTL (Time to Live) is a field in the IP packet header. When we use the ping command to test network connectivity or speed, the local computer sends packets to the destination host, but for various reasons some packets cannot be delivered to it. If no TTL value were set, such packets would keep circulating on the network, wasting network resources. A packet normally passes through at least one router, and each router it passes through decrements the TTL by 1. If the TTL reaches 0 before the packet has been delivered to the destination host, the packet is discarded and the router sends an ICMP message to the original sender.

For example, if the TTL of a host is 64, a packet that has passed through 64 routers without reaching the destination host is automatically discarded.

II. How to use TTL to determine the destination host's operating system type

Different operating systems have different default TTL values, so we can use the TTL value to determine the host's operating system. However, if the user has modified the TTL value, it will mislead our judgment, so this method is not necessarily accurate. The following are the default TTL values by operating system:

1. Windows NT/2000 TTL: 128
2. Windows 95/98 TTL: 32
3. UNIX TTL: 255
4. LINUX TTL: 64
5. WIN7 TTL: 64

III. How to confirm the number of routers determined from the TTL value

From the TTL value we can roughly determine how many routers the host's packet passes through on its way to the destination host. How, then, do we know which routers it passes through? Here is an example:

From the TTL value we can see that the host's packet passed through 64 - 59 = 5 routers to reach the destination host. How do we confirm that the figure of 5 routers is correct? The answer is to use the tracert command at the cmd prompt to view the route, such as:

IV. How to modify the default TTL value on the computer

By modifying the TTL value on the local computer, it is possible to confuse an attacker's judgment (though, of course, few users would do so). The TTL value is located in the registry at HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters (type regedit at the cmd prompt and press Enter to open the registry). There is a DWORD value named DefaultTTL whose data is the default TTL value. We can change it, but it must not be greater than decimal 255.
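
The inference described above (default TTL table plus the 64 - 59 = 5 hop calculation), written out as an added Python example that is not part of the original article. The default values are the ones listed on this page; the function names and the sample ping replies are constructed for illustration.

```python
import re

# Default initial TTLs exactly as listed on this page (not independently verified).
PAGE_DEFAULTS = {
    32: ["Windows 95/98"],
    64: ["LINUX", "WIN7"],
    128: ["Windows NT/2000"],
    255: ["UNIX"],
}

# Matches both the Windows ("TTL=59") and Linux ("ttl=59") ping reply styles.
TTL_RE = re.compile(r"\bttl[=:]\s*(\d+)", re.IGNORECASE)


def parse_ttl(ping_line):
    """Extract the TTL from one ping reply line, or None if absent or out of range."""
    m = TTL_RE.search(ping_line)
    return int(m.group(1)) if m and 1 <= int(m.group(1)) <= 255 else None


def guess_from_ttl(observed):
    """Return (assumed_initial_ttl, hops, candidate_systems) for an observed TTL."""
    if not 1 <= observed <= 255:
        raise ValueError("TTL is an 8-bit field; expected 1..255")
    # Assumption: the sender used the smallest listed default >= observed. A host
    # whose DefaultTTL was changed, or a longer path, makes this guess wrong.
    initial = min(d for d in PAGE_DEFAULTS if d >= observed)
    return initial, initial - observed, PAGE_DEFAULTS[initial]


def analyse(ping_output):
    """Run the guess over every reply line in captured ping output."""
    results = []
    for line in ping_output.splitlines():
        ttl = parse_ttl(line)
        if ttl is not None:
            results.append((ttl,) + guess_from_ttl(ttl))
    return results


# Constructed sample replies (documentation addresses, not real hosts).
SAMPLE = """\
Reply from 192.0.2.10: bytes=32 time=23ms TTL=59
64 bytes from 192.0.2.20: icmp_seq=1 ttl=121 time=8.1 ms
Request timed out.
"""

if __name__ == "__main__":
    for ttl, initial, hops, systems in analyse(SAMPLE):
        print(f"TTL {ttl}: initial {initial}, {hops} hops, candidates {systems}")
```

An observed TTL of 59 maps to two candidates because the table lists the same default for both, which is why the result is a list rather than a single answer.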

