Nmap Announce mailing list archives
Re: Distinguish Win95 from Win98/NT with ICMP-TTL-field
From: "Craig Humphrey (@BundesBank)" <chumph () c-s-k de>
Date: Mon, 10 May 1999 10:11:03 +0200
Hi Jordan, and Robert, Jordan Ritter wrote:
On Sun, 9 May 1999, Robert Siemer wrote:Win95: 32 Linux 2.0.x: 64 Win98/NT: 128 Linux 2.2.x: 255 (of course we have to substract some routers between us and the target...) I think it is possible to change the behavior in Linux 2.2.x in /proc/somewhere - but its good enought for a guess, isnt it?problem with this is that some firewalls rewrite the TTL field (FW1 comes to mind) when doing packet magic.
It's worse than that. On most OS's you can change the TTL. MS even reccomend changing the TTL from 32 to 64 (or higher) as it is now quite frequent for a site and a machine to be more than 32 "hops" from each other... Ahhh what ever happend to "no more than 7 hops from the backbone"... Later'ish Craig
Current thread:
- Distinguish Win95 from Win98/NT with ICMP-TTL-field Robert Siemer (May 08)
- Re: Distinguish Win95 from Win98/NT with ICMP-TTL-field Jordan Ritter (May 08)
- Re: Distinguish Win95 from Win98/NT with ICMP-TTL-field Craig Humphrey (@BundesBank) (May 10)
- Re: Distinguish Win95 from Win98/NT with ICMP-TTL-field Jordan Ritter (May 08)