When I was working on networking & data communication using several scripts & tools, Ping was my first networking tool. I found an article about operating system detection using TTL (Time To Live) & Ping, which jerked my brain. Ping is a networking utility in DCN (data communication and networking) used to check connectivity between two devices on a network; it can be run from the Windows command line and the Linux terminal. In DNS, Time To Live simply means how long a resolver is supposed to cache the DNS query before it expires and a new one needs to be done.
As you can see in the IPv4 header above, there is a Time to Live field of 8 bits; it is a mechanism that limits the lifespan or lifetime of data in a computer or network in IPv4.
Note: For more information about IPv4 TTL, visit Wikipedia.
This diagram shows the different TTL values of operating systems according to their window size (discussed later).
It's time to detect an operating system with TTL values & Ping. Because I was working on Windows, the first thing to do was to open PowerShell (the only reason why I used Windows). In step one, I ran the tracert (traceroute on Linux) command to trace the route to an IP or domain.
Command: tracert dev.to
Note: Number of hops: 10.
Next it was time to run ping. Ping operates by sending Internet Control Message Protocol (ICMP) Echo Request packets to the target host and waiting for an ICMP Echo Reply.
Command: ping dev.to
Now the TTL value is 54 and the number of hops is 10. By adding the TTL value to the number of hops (54 + 10 = 64), we can conclude that a Linux machine is running, because the first diagram shows that Linux uses a TTL of 64.
In the next paragraph I explain the PowerShell script to detect the OS.
PowerShell has its own functions & cmdlets that can work the same as ping to get the TTL value, so I wanted to automate the whole operating system detection process using TTL in a single PowerShell module, like ping.
In the coding part, I wrote a PowerShell module with a PsPing function for OS detection, in which I used PowerShell's Test-Connection cmdlet.
To run the above module/script I opened up my PowerShell terminal:
1. import-module -name 'path of file/name'
2. get-command -module TTLOs.psm1
3. PsPing google.com

exploit > import-module -name TTlOs.psm1
exploit > wc F:\coding_part\powershell_scripting\scripts\TTlOs.psm1
52 130 803 F:\coding_part\powershell_scripting\scripts\TTlOs.psm1
exploit > PsPing google.com
Target is running on Linux Machine according to TTL value 53
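
The TTL-plus-hops reasoning above can be automated without a separate tracert run by rounding the observed TTL up to the nearest common initial value. The following is an added example, not the TTLOs.psm1 module from this post: the function names Get-OsGuessFromTtl and Get-ReplyTtl are hypothetical, the 128 and 255 rows are commonly cited defaults rather than values taken from this page, and it reads the TTL through the .NET System.Net.NetworkInformation.Ping class instead of Test-Connection.

```powershell
# Added example. Commonly cited default initial TTLs; hosts can be tuned away
# from these, so the result is a hint rather than proof.
$TtlDefaults = @(
    [pscustomobject]@{ Initial = 64;  Family = 'Linux/Unix-like (Linux, macOS, BSD)' }
    [pscustomobject]@{ Initial = 128; Family = 'Windows' }
    [pscustomobject]@{ Initial = 255; Family = 'Network device or older Unix' }
)

function Get-OsGuessFromTtl {            # hypothetical name
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [ValidateRange(1, 255)]
        [int]$ObservedTtl
    )
    process {
        # TTL only decreases in transit, so the sender's initial value is the
        # smallest common default that is >= the TTL seen in the reply.
        $match = $TtlDefaults | Where-Object { $_.Initial -ge $ObservedTtl } |
            Sort-Object Initial | Select-Object -First 1
        $hops = $match.Initial - $ObservedTtl
        [pscustomobject]@{
            ObservedTtl   = $ObservedTtl
            InitialTtl    = $match.Initial
            EstimatedHops = $hops
            OsGuess       = $match.Family
            # tracert stops at 30 hops by default; a larger gap suggests a
            # customised initial TTL, so flag the guess as weak.
            Confidence    = if ($hops -le 30) { 'normal' } else { 'low' }
        }
    }
}

function Get-ReplyTtl {                  # hypothetical name
    param([Parameter(Mandatory)][string]$Target)
    $ping = New-Object System.Net.NetworkInformation.Ping
    try {
        $reply = $ping.Send($Target, 2000)      # one echo request, 2 s timeout
        if ($reply.Status -eq 'Success' -and $reply.Options) { $reply.Options.Ttl }
    }
    finally { $ping.Dispose() }
}

# Offline run: 54 and 53 are the TTLs shown on this page; 118, 243 and 70 are constructed.
54, 53, 118, 243, 70 | Get-OsGuessFromTtl | Format-Table -AutoSize

# Live run (needs network access):
# Get-ReplyTtl 'dev.to' | Get-OsGuessFromTtl
```

The hop estimate reflects the reply's return path, which need not match the forward path that tracert reports, and a load balancer or proxy in front of the target answers with its own TTL.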