Harshit Garg

Reputation: 35

How to know the OS being used by target computer by its IP with the help of shell script?

(Without the use of NMAP) I have used the TTL value to determine the OS being used on the target computer when user enters the IP. Actually, I had to hard code the TTL values in Case statement.

So my questions are:

  1. Is TTL the only way by which we can get to know the OS being used?
  2. If TTL is not the only way then can you suggest/explain which other methods can be used to check the OS being used on target computer on the basis of entered IP?
  3. While searching on the web for TTL table I found that many OS have the same TTL value. So is there any way to point the exact OS?
  4. Is there any way to determine more information about the OS, for example whether it's 32-bit or 64-bit? And if yes, then which fields, and on what basis?

Here is the sample code where I have used the TTL value to determine the OS being used:

#!/bin/bash
echo "Enter IP to find its OS"
read ip
# Extract the "ttl=NN" field by pattern instead of by fixed character columns:
# the column position shifts with the length of the IP and with the ping
# implementation, which made the original "cut -c 41-47" fragile.
a=$(ping -c 1 "$ip" | grep -oE 'ttl=[0-9]+' | head -n 1)
echo "$a"
case "$a" in
ttl=64) echo "Linux Based";;
*) echo "other";;
esac

Upvotes: 2

Views: 274

Answers (1)

DarkDust

Reputation: 92306

You cannot (reliably) use TTL to determine the OS. For example, you can easily change the default TTL on Linux using sysctl net.ipv4.ip_default_ttl=32. Also, as you already found out, a lot of devices are using the same TTL.

To have a somewhat reliable detection, you need to check a variety of values to form a "fingerprint". See nmap's page about their OS detection to get an idea about what values can be used for such fingerprints.

The company I work for also wrote a similar OS detection for one of our products and it took us several man-days to implement and fine-tune this. I would not recommend doing it yourself if you can avoid it (unless you're doing it for fun because you want to learn something). If you really need to do this yourself, you will need access to a variety of devices for testing and to read a lot about the details of IP, TCP and ICMP to get the data for your fingerprints. I doubt you can query the required fields using bash and standard UNIX/Linux tools, btw. You're going to need to do raw socket programming or need to use some third-party networking tools… in which case you could as well just use nmap.

Upvotes: 1
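An added example (not code from either poster) illustrating why the TTL value is ambiguous: the observed TTL has been decremented once per hop, so the most a script can do is round it up to the nearest common initial value (32, 64, 128, 255) and report an OS family plus an estimated hop count. The default table and the sample ping lines are constructed for the example; it also assumes the target has not changed its default TTL (as the answer notes, sysctl can do that).

```shell
#!/bin/bash
# Added example, not the original poster's script.
# extract_ttl: pull the number after "ttl=" from one line of ping output,
# by pattern rather than by fixed columns (works for iputils and BusyBox
# formats). Prints nothing if the line has no ttl= field.
extract_ttl() {
    printf '%s\n' "$1" | grep -oiE 'ttl=[0-9]+' | head -n 1 | cut -d= -f2
}

# classify_ttl: given an observed TTL, print "<initial_ttl> <hops> <family>".
# The initial TTL is the observed value rounded UP to the next common default.
# Assumed (constructed) default table; each default is shared by several OSes,
# so only a family is reported, never an exact OS or bitness.
classify_ttl() {
    ttl=$1
    if [ "$ttl" -lt 1 ] || [ "$ttl" -gt 255 ]; then
        echo "invalid"
        return 1
    fi
    if   [ "$ttl" -le 32 ];  then initial=32;  family="legacy-Windows/ambiguous"
    elif [ "$ttl" -le 64 ];  then initial=64;  family="Linux/macOS/BSD"
    elif [ "$ttl" -le 128 ]; then initial=128; family="Windows"
    else                          initial=255; family="Solaris/network-gear/other"
    fi
    # hops = initial - observed, valid only if the default TTL was not altered
    echo "$initial $((initial - ttl)) $family"
}

# Constructed sample ping reply lines (not real captures).
SAMPLE_LINUX="64 bytes from 192.0.2.10: icmp_seq=1 ttl=58 time=12.3 ms"
SAMPLE_WIN="64 bytes from 192.0.2.20: icmp_seq=1 ttl=121 time=30.1 ms"
SAMPLE_BUSYBOX="64 bytes from 192.0.2.30: seq=0 ttl=64 time=0.5 ms"

for line in "$SAMPLE_LINUX" "$SAMPLE_WIN" "$SAMPLE_BUSYBOX"; do
    t=$(extract_ttl "$line")
    echo "observed ttl=$t -> $(classify_ttl "$t")"
done
```

The BusyBox line shows why the original "cut -c 41-47" approach breaks: the ttl= field sits at a different column there, but the pattern-based extraction still finds it.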
