DEV Community


Operating System Detection Using TTL Value, PowerShell & Ping!

Ankit Dobhal
Developer Outreach @DeepSource || Penetration Tester || Pythoneer
・2 min read

When I was working on networking and data communication with several scripts and tools, ping was my first networking tool. I found an article about operating system detection using TTL (Time To Live) and ping, which jolted my brain. Ping is a networking utility in DCN used to check connectivity between two devices on a network; it can be used from the command line of Windows and the terminal of Linux operating systems. Time To Live simply means how long a resolver is supposed to cache a DNS query before the query expires and a new one needs to be done.
[Image: IPv4 header]
As you can see in the IPv4 header above, there is one field, Time to Live, which is 8 bits wide; it is a mechanism that limits the lifespan or lifetime of data in a computer or network in IPv4.
Note: for more information about the IPv4 TTL, visit Wikipedia.

What I Did ?

[Image: table of default TTL values per operating system]
This diagram shows the different TTL values of operating systems along with their window size (discussed later).
Now it's time to detect the operating system with TTL values and ping. Because I was working on Windows, the first step was to open PowerShell (the only reason I used Windows). In step one I ran the tracert command (traceroute on Linux) to trace the route to the IP or domain.
Command: tracert dev.to
[Image: tracert dev.to output]
Note: number of hops: 10.
Then it was time to run ping. Ping operates by sending Internet Control Message Protocol (ICMP) Echo Request packets to the target host and waiting for an ICMP Echo Reply.
Command: ping dev.to
[Image: ping dev.to output]
Now the TTL value is 54 and the number of hops we got is 10. By adding the TTL value to the hop count (54 + 10 = 64), we can conclude that a Linux machine is running, because the first diagram shows that Linux uses a TTL of 64.
In the next paragraph I explain a PowerShell script to detect the OS.

PowerShell to detect the operating system:

PowerShell has functions and cmdlets that can do the same job as ping to get the TTL value, so I wanted to automate the whole operating system detection process using TTL in a single PowerShell module, like ping.
In the coding part I wrote a PowerShell module with a PsPing function for OS detection, in which I used the Test-Connection cmdlet of PowerShell.


To run the above module/script I opened my PowerShell terminal:
1. import-module -name 'path of file/name'
2. get-command -module TTLOs.psm1
3. PsPing google.com

Execution:

exploit > import-module -name TTlOs.psm1
exploit > wc F:\coding_part\powershell_scripting\scripts\TTlOs.psm1
 52 130 803 F:\coding_part\powershell_scripting\scripts\TTlOs.psm1
exploit > PsPing google.com
Target is running on Linux Machine according to TTL value 53
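The post's TTLOs.psm1 itself is not reproduced on the page. The module below is an added example, not the author's code: a PsPing function built on Test-Connection that reads the reply TTL and rounds it up to the nearest common default initial TTL (64, 128 or 255, as in the TTL table above) rather than adding a hop count from tracert, so no prior tracert is needed. The function names PsPing and Get-OsFromTtl and the TTL thresholds are assumptions based on the conventional defaults.

```powershell
# Added example (not the post's TTLOs.psm1): infer the likely OS family from the
# TTL in an ICMP Echo Reply. Assumed default initial TTLs: 64 (Linux/Unix),
# 128 (Windows), 255 (network devices and some Unix variants).

function Get-OsFromTtl {
    param([Parameter(Mandatory)][int]$Ttl)
    # Each router on the path decrements TTL by one, so a reply TTL of 54
    # most likely started at 64, one of 120 at 128, and so on. Rounding up to
    # the nearest default replaces the "TTL + hops" arithmetic from tracert.
    if ($Ttl -le 0 -or $Ttl -gt 255) { return 'invalid TTL' }
    if ($Ttl -le 64)  { return 'Linux/Unix (initial TTL 64)' }
    if ($Ttl -le 128) { return 'Windows (initial TTL 128)' }
    return 'network device or other Unix (initial TTL 255)'
}

function PsPing {
    param([Parameter(Mandatory)][string]$Target)

    # Test-Connection returns different objects in Windows PowerShell 5.1
    # (Win32_PingStatus with ResponseTimeToLive) and in PowerShell 7+
    # (PingStatus with the TTL under .Reply.Options.Ttl); handle both shapes.
    $reply = Test-Connection -ComputerName $Target -Count 1 -ErrorAction Stop

    if ($reply.PSObject.Properties['ResponseTimeToLive']) {
        $ttl = [int]$reply.ResponseTimeToLive
    } elseif ($reply.PSObject.Properties['Reply'] -and $null -ne $reply.Reply.Options) {
        $ttl = [int]$reply.Reply.Options.Ttl
    } else {
        throw "No TTL found in the reply from $Target"
    }

    $guess = Get-OsFromTtl -Ttl $ttl
    "Target $Target is probably running on $guess according to TTL value $ttl"
}

# No Export-ModuleMember call: when imported as a .psm1, both functions are exported.
```

Save it as a .psm1 file, Import-Module it, and call PsPing with a host name. Treat the result as a heuristic: NATs, CDNs, load balancers and firewalls may answer on the origin's behalf or rewrite the TTL, so the reply may describe an intermediate device rather than the real server.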

A research paper related to TTL is coming soon on my GitHub.
So enjoy, support me, follow me on GitHub and Twitter, and check out ankitdobhal.github.io.
