When I was working on networking and data communication using several scripts and tools, ping was my first networking tool. I found an article about operating system detection using TTL (Time to Live) and ping, which jolted my brain. Ping is a networking utility in DCN used to check connectivity between two devices on a network, and it can be run from the Windows command line or a Linux terminal. Time to Live simply means how long a resolver is supposed to cache a DNS query before the query expires and a new one needs to be made.
As you can see in the IPv4 header above, there is a Time to Live field of 8 bits. It is a mechanism that limits the lifespan or lifetime of data in a computer or network in IPv4.
Note: For more information about IPv4 TTL, visit Wikipedia.
This diagram shows the different TTL values of operating systems according to their window size (discussed later).
It's time to detect the operating system with TTL values and ping. I was working on Windows, so the first thing to do was open PowerShell (the only reason I used Windows). In step one I ran the tracert command (traceroute on Linux) to trace the route to an IP or domain.
Command : tracert dev.to
Note: Number of hops: 10.
Next it was time to run ping. Ping operates by sending Internet Control Message Protocol (ICMP) Echo Request packets to the target host and waiting for an ICMP Echo Reply.
Command : ping dev.to
Now the TTL value is 54 and the number of hops we got is 10. By adding the TTL value to the number of hops (54 + 10 = 64), we can conclude that a Linux machine is running, because the first diagram shows that Linux uses a TTL of 64.
In the next paragraph I explain a PowerShell script to detect the OS.
PowerShell has its own functions and cmdlets that can work the same way as ping to get the TTL value, so I wanted to automate the whole operating system detection process using TTL in a single PowerShell module that works like ping.
In the coding part, I wrote a PowerShell module with a PsPing function for OS detection, in which I used PowerShell's Test-Connection cmdlet.
To run the above module/script, I opened up my PowerShell terminal:
1. import-module -name 'path of file/name'
2. get-command -module TTLOs.psm1
3. PsPing google.com

exploit > import-module -name TTlOs.psm1
exploit > wc F:\coding_part\powershell_scripting\scripts\TTlOs.psm1
52 130 803 F:\coding_part\powershell_scripting\scripts\TTlOs.psm1
exploit > PsPing google.com
Target is running on Linux Machine according to TTL value 53
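
The Test-Connection approach described above, as an added example that is not the author's TTLOs.psm1: the function names Resolve-OsFromTtl and Get-OsGuessFromTtl and the table of default TTLs (64, 128, 255) are assumptions. It goes one step beyond the manual method by rounding the observed TTL up to the nearest common default, so no separate tracert run is needed.

```powershell
# Added example: not the author's TTLOs.psm1. Names and the TTL table are assumptions.
# Common initial TTL defaults; administrators can change them, so the result is a hint.
$script:TtlDefaults = @(
    [pscustomobject]@{ Initial = 64;  OS = 'Linux/Unix' }
    [pscustomobject]@{ Initial = 128; OS = 'Windows' }
    [pscustomobject]@{ Initial = 255; OS = 'Network device or other' }
)

function Resolve-OsFromTtl {
    param([Parameter(Mandatory)][ValidateRange(1, 255)][int]$Ttl)
    # Each router on the path decrements TTL by one, so round the observed value
    # up to the nearest common default and treat the difference as the hop count.
    $hit = $script:TtlDefaults | Where-Object { $_.Initial -ge $Ttl } | Select-Object -First 1
    [pscustomobject]@{
        ObservedTtl   = $Ttl
        AssumedStart  = $hit.Initial
        EstimatedHops = $hit.Initial - $Ttl
        OsGuess       = $hit.OS
    }
}

function Get-OsGuessFromTtl {
    param([Parameter(Mandatory)][string]$ComputerName)
    try {
        $reply = Test-Connection -ComputerName $ComputerName -Count 1 -ErrorAction Stop
    } catch {
        Write-Warning "No echo reply from ${ComputerName}: $($_.Exception.Message)"
        return
    }
    # Windows PowerShell 5.1 returns ResponseTimeToLive; PowerShell 7 returns Reply.Options.Ttl.
    $ttl = if ($reply.PSObject.Properties['ResponseTimeToLive']) {
        $reply.ResponseTimeToLive
    } elseif ($reply.Reply -and $reply.Reply.Options) {
        $reply.Reply.Options.Ttl
    }
    if (-not $ttl) {
        Write-Warning "Reply from $ComputerName carried no TTL (timeout or filtered ICMP)."
        return
    }
    Resolve-OsFromTtl -Ttl $ttl
}

# The TTL values seen on this page (54 from ping dev.to, 53 from PsPing google.com):
54, 53 | ForEach-Object { Resolve-OsFromTtl -Ttl $_ }
```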