Nmap Announce mailing list archives
Re: Distinguish Win95 from Win98/NT with ICMP-TTL-field
From: Jordan Ritter <jpr5 () darkridge com>
Date: Sat, 8 May 1999 19:14:48 -0400 (EDT)
On Sun, 9 May 1999, Robert Siemer wrote:
Win95: 32 Linux 2.0.x: 64 Win98/NT: 128 Linux 2.2.x: 255 (of course we have to substract some routers between us and the target...) I think it is possible to change the behavior in Linux 2.2.x in /proc/somewhere - but its good enought for a guess, isnt it?
problem with this is that some firewalls rewrite the TTL field (FW1 comes to mind) when doing packet magic. Jordan Ritter Network Security Engineer Netect/Bindview Corp Boston, MA "Quis custodiet ipsos custodes?"
Current thread:
- Distinguish Win95 from Win98/NT with ICMP-TTL-field Robert Siemer (May 08)
- Re: Distinguish Win95 from Win98/NT with ICMP-TTL-field Jordan Ritter (May 08)
- Re: Distinguish Win95 from Win98/NT with ICMP-TTL-field Craig Humphrey (@BundesBank) (May 10)
- Re: Distinguish Win95 from Win98/NT with ICMP-TTL-field Jordan Ritter (May 08)