Nmap Announce mailing list archives
Distinguish Win95 from Win98/NT with ICMP-TTL-field
From: Robert Siemer <siemer () i309 hadiko de>
Date: Sun, 9 May 1999 00:27:05 +0200 (CEST)
Hello all! Are more services in nmap-services interesting? I know at least rsync (rsync.samba.org), qmqp (www.qmail.org) mysqld, httpsd and junkbuster (www.junkbuster.com). Well know is also rpc.mountd, with some ports over 800... But why I'm writing this mail is: even before I used nmap, I determined the OS of a site with a simple "ping". I looked at the TTL-field for a simple check. So I found out: Win95: 32 Linux 2.0.x: 64 Win98/NT: 128 Linux 2.2.x: 255 (of course we have to substract some routers between us and the target...) I think it is possible to change the behavior in Linux 2.2.x in /proc/somewhere - but its good enought for a guess, isnt it? Bye, Rob PS: In the man-page stands something about "-d" while reading about "-v"...
Current thread:
- Distinguish Win95 from Win98/NT with ICMP-TTL-field Robert Siemer (May 08)
- Re: Distinguish Win95 from Win98/NT with ICMP-TTL-field Jordan Ritter (May 08)
- Re: Distinguish Win95 from Win98/NT with ICMP-TTL-field Craig Humphrey (@BundesBank) (May 10)
- Re: Distinguish Win95 from Win98/NT with ICMP-TTL-field Jordan Ritter (May 08)