Operating system Detection using TTL value Powershell & Ping!

ankit dobhal
Jan 17 · 3 min read

When I was working on networking & data communication using several scripting & tools,Ping was my first tool in networking.I found a article about operating system detection using TTL(TIME TO Live) & Ping ,which jerked my brain.Ping is basically a networking utility in DCN used to check connectivity between two device in networking which can be used from command line of window & terminal of Linux operating systems.and Time TO Live is simply means, how long a resolver is supposed to cache the DNS query before the query expires and a new one needs to be done.

As You can see in above ipv4 header their is one field about Time to live which contains 8 bits ,it is a mechanism that limits the lifespan or lifetime of data in a computer or network in ipv4.
Note : For more information about ipv4 TTL visit Wikipedia.

What I Did ?

This diagram shows the different TTL values of operating systems according to their window size(discuss later).
Its time to detect operating system with TTL values & Ping , So first of all because I was working on window , the time was to open the power shell(only reason why I used window). In step one I ran the tracert(traceroute in Linux) command to trace the route of IP or domain.
Command : tracert dev.to

Note : Number Of Hops : 10 .
Time was to run ping, Ping operates by sending Internet Control Message Protocol (ICMP) Echo Request packets to the target host and waiting for an ICMP Echo Reply.
Command : ping dev.to

Now TTL value is 54 & Number Of Hops we get 10 By adding TTL value with Hops in number(54+10 = 64) , we can conclude that there is an Linux Machine Running Because The first diagram shows that Linux include 64 TTL.
In next para I am explaining power-shell script to detect OS.

Powershell to detect Operating System :

Power-shell have its function & cmdlets that can work as same as ping to get TTL value , so because I wanted to automate the whole Operating system detection process using TTL in single power-shell module as ping.
In coding part I wrote a power-shell module with PsPing function for Os in which I implemented test-connection cmdlet of powershell.

To run above module / script I opened up my power-shell terminal:

1. import-module -name 'path of file/name'
2. get-command -module TTLOs.psm1
3. PsPing google.com

Execution:

Research Paper is coming soon on my github related to TTL.
so enjoy & support me follow me on github,twitter & checkout ankitdobhal.github.io.


Originally published at https://dev.to on January 17, 2020.

Welcome to a place where words matter. On Medium, smart voices and original ideas take center stage - with no ads in sight. Watch
Follow all the topics you care about, and we’ll deliver the best stories for you to your homepage and inbox. Explore
Get unlimited access to the best stories on Medium — and support writers while you’re at it. Just $5/month. Upgrade