Find the Operating System of a server using ping and traceroute

It is simply possible to find or understand the OS a server is running on, using Ping and Traceroute scans.

Note: There are advanced tools to detect OS type, but this is one simple method that might not just be accurate if the datacenter routing traffic to a different subnet.

Ping is a computer network administration software utility, which used to find the Availability of a host on an Internet Protocol (IP) network.

Traceroute is a computer network diagnostic tool for displaying the route and measuring transit delays of packets across an Internet Protocol (IP) network.

We would need the TTL value and sometimes the total number of hops made in traceroute for OS detection.

Below is the table of OS with version and protocol details and the default values. These values differs between the Operating system. Reference: Subinsb gives details of the table of TTL values of different OS.

Device / OS Version Default values
AIX 60
AIX 30
AIX 3.2, 4.1 255
BSDI BSD/OS 3.1 and 4.0 255
Compa Tru64 v5.0 64
Cisco 254
DEC Pathworks V5 30
Foundry 64
FreeBSD 2.1R 64
FreeBSD 3.4, 4.0 255
FreeBSD 5 64
HP-UX 9.0x 30
HP-UX 10.01 64
HP-UX 10.2 255
HP-UX 11 255
HP-UX 11 64
Irix 5.3 60
Irix 6.x 60
Irix 6.5.3, 6.5.8 255
juniper 64
MPE/IX (HP) 200
Linux 2.0.x kernel 64
Linux 2.2.14 kernel 255
Linux 2.4 kernel 255
Linux Red Hat 9 64
MacOS/MacTCP 2.0.x 60
MacOS/MacTCP X (10.5.6) 64
NetBSD 255
Netgear FVG318 64
OpenBSD 2.6 & 2.7 255
OpenVMS 07.01.2002 255
OS/2 TCP/IP 3.0 64
OSF/1 V3.2A 60
OSF/1 V3.2A 30
Solaris 2.5.1, 2.6, 2.7, 2.8 255
Solaris 2.8 64
Stratus TCP_OS 255
Stratus TCP_OS (14.2-) 30
Stratus TCP_OS (14.3+) 64
Stratus STCP 60
SunOS 4.1.3/4.1.4 60
SunOS 5.7 255
Ultrix V4.1/V4.2A 60
Ultrix V4.1/V4.2A 30
Ultrix V4.2 – 4.5 255
VMS/Multinet 64
VMS/TCPware 60
VMS/TCPware 64
VMS/Wollongong 1.1.1.1 128
VMS/Wollongong 1.1.1.1 30
VMS/UCX 128
Windows for Workgroups 32
Windows 95 32
Windows 98 32
Windows 98, 98 SE 128
Windows 98 128
Windows NT 3.51 32
Windows NT 4.0 128
Windows NT 4.0 SP5- 32
Windows NT 4.0 SP6+ 128
Windows NT 4 WRKS SP 3, SP 6a 128
Windows NT 4 Server SP4 128
Windows ME 128
Windows 2000 pro 128
Windows 2000 family 128
Windows Server 2003 128
Windows XP 128
Windows Vista 128
Windows 7 128
Windows Server 2008 128
Windows 10 128

You need not confuse with the long list. Here is the short version of the table you can refer to.

Device / OS Default value
*nix (Linux/Unix) 64
Windows 128
Solaris/AIX 254

First we do a ping test to get the TTL value. Incase the TTL value does not match the given table value we will do a traceroute on the same domain to get the number of hops and sum the TTL value and number of hops.

Now we perform the first test.

We ping www.kruptos.club

We are getting a TTL of 56.

Incase your TTL value matches the table then you can stop here and proceed without doing traceroute.

The value 56 cannot be found in the table so we go to perform the traceroute.

So tracert www.kruptos.club/ traceroute www.kruptos.club

Note: For all *nix based systems traceroute is the command. For windows it is tracert. The results are all the same.

We got 8 hops here.

Now we add the TTL value and Number of Traceroute hops.

Default value= 56+8 ==> 64

So we could say that kruptos.club runs on a linux server.

Alternatively you can try for any domains. You could even do this on your locahost as ping -4 localhost

One Reply to “Find the Operating System of a server using ping and traceroute”

  1. I have noticed you don’t monetize your website, don’t waste your traffic, you can earn extra cash every month because you’ve got hi quality
    content. If you want to know how to make extra
    $$$, search for: Mertiso’s tips best adsense alternative

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.