When I was working on networking and data communication using several scripts and tools, Ping was my first networking tool. I found an article about operating system detection using TTL (Time To Live) and Ping, which caught my attention. Ping is a networking utility in DCN used to check connectivity between two devices; it can be run from the Windows command line and the Linux terminal. Time To Live simply means how long a resolver is supposed to cache a DNS query before the query expires and a new one needs to be done.
As you can see in the IPv4 header above, there is an 8-bit Time To Live field; in IPv4 it is a mechanism that limits the lifespan or lifetime of data in a computer or network.
Note: For more information about IPv4 TTL, visit Wikipedia.
What I Did?
This diagram shows the different TTL values of operating systems according to their window size (discussed later).
It's time to detect an operating system with TTL values and Ping. Because I was working on Windows, the first step was to open PowerShell (the only reason I used Windows). In step one, I ran the tracert command (traceroute on Linux) to trace the route to an IP or domain.
Command: tracert dev.to
Note: Number of hops: 10.
Next it was time to run ping. Ping operates by sending Internet Control Message Protocol (ICMP) Echo Request packets to the target host and waiting for an ICMP Echo Reply.
Command: ping dev.to
Now the TTL value is 54 and the number of hops is 10. Adding the TTL value to the number of hops (54 + 10 = 64), we can conclude that a Linux machine is running, because the first diagram shows that Linux uses a TTL of 64.
In the next paragraph I explain the PowerShell script to detect the OS.
PowerShell to detect the operating system:
PowerShell has its own functions and cmdlets that can work the same as ping to get the TTL value, so I wanted to automate the whole TTL-based operating system detection process in a single PowerShell module that works like ping.
In the coding part, I wrote a PowerShell module with a PsPing function for OS detection, in which I used PowerShell's Test-Connection cmdlet.
To run the above module/script, I opened my PowerShell terminal:
1. import-module -name 'path of file/name'
2. get-command -module TTLOs.psm1
3. PsPing google.com
Execution:
exploit > import-module -name TTlOs.psm1
exploit > wc F:\coding_part\powershell_scripting\scripts\TTlOs.psm1
52 130 803 F:\coding_part\powershell_scripting\scripts\TTlOs.psm1
exploit > PsPing google.com
Target is running on Linux Machine according to TTL value 53
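A portable version of the TTL check described above, as an added example that is not the author's TTlOs.psm1: it swaps Test-Connection for the .NET System.Net.NetworkInformation.Ping class so it behaves the same on Windows PowerShell 5.1 and PowerShell 7, and it generalizes the "add the hop count" step by rounding the observed TTL up to the nearest common initial value. The function names and the 64/128/255 table are assumptions, since the page's diagram is not reproduced here.

```powershell
# Added example; Get-OsGuessFromTtl and Test-TtlOs are hypothetical names.
# The initial-TTL table is an assumption (common defaults), not the page's diagram.
function Get-OsGuessFromTtl {
    param([Parameter(Mandatory)][ValidateRange(1, 255)][int]$Ttl)
    # Each router hop decrements the TTL by one, so the sender's initial value
    # is the smallest common default that is >= the observed TTL.
    $defaults = @(
        @{ Initial = 64;  Family = 'Linux/Unix-like' },
        @{ Initial = 128; Family = 'Windows' },
        @{ Initial = 255; Family = 'Network device / some Unix' }
    )
    $best = $defaults | Where-Object { $_.Initial -ge $Ttl } | Select-Object -First 1
    [pscustomobject]@{
        ObservedTtl   = $Ttl
        InitialTtl    = $best.Initial
        EstimatedHops = $best.Initial - $Ttl
        OsFamily      = $best.Family   # a hint only: the initial TTL is configurable
    }
}

function Test-TtlOs {
    param([Parameter(Mandatory)][string]$Target, [int]$TimeoutMs = 2000)
    $ping = New-Object System.Net.NetworkInformation.Ping
    try {
        $reply = $ping.Send($Target, $TimeoutMs)
    } catch {
        Write-Warning "Ping to $Target failed: $($_.Exception.Message)"
        return
    } finally {
        $ping.Dispose()
    }
    # Filtered ICMP or a timeout leaves no reply TTL to reason about.
    if ($reply.Status -ne [System.Net.NetworkInformation.IPStatus]::Success -or -not $reply.Options) {
        Write-Warning "No usable echo reply from $Target (status: $($reply.Status))"
        return
    }
    Get-OsGuessFromTtl -Ttl $reply.Options.Ttl
}

# Offline check: 54 and 53 are the TTLs quoted on this page; 118 and 250 are constructed.
54, 53, 118, 250 | ForEach-Object { Get-OsGuessFromTtl -Ttl $_ } | Format-Table
```

Running `Test-TtlOs dev.to` performs the live check; a reply from a load balancer or CDN edge reflects that device's TTL, not the origin server's.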
A research paper related to TTL is also available on my GitHub.
So enjoy, support me, and follow me on GitHub and Twitter.