How to identify the Operating System using PING Command

As you all know, identifying the operating system (OS) of a host with Nmap is very easy, but you can also identify the OS with the help of the ping command.

For Linux Distributions, we can use Nmap as shown below:

Syntax: nmap -O

On Windows, you can use Zenmap, which is the graphical version of Nmap.

For the same result, you can use the ping command to get the name of the OS. Ping is a network administration utility used to check the availability of a host on an Internet Protocol (IP) network.

Usage of Ping:

Ping operates by sending ICMP (Internet Control Message Protocol) Echo Request packets to the host and waiting for an ICMP Echo Reply.

Syntax: ping

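As you can see, it shows a TTL value, which is currently 52. In DNS, TTL (Time To Live) means how long a resolver is supposed to cache the DNS query before it expires and a new one needs to be done. The TTL shown in a ping reply is the IP header field of the same name: the replying host sets it to its default value and every router on the path decreases it by one, which is why the hop count is needed later.

Here is the complete chart of default TTL values by device and OS.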

| Device / OS | Version | Protocol | TTL |
|---|---|---|---|
| AIX | 3.2, 4.1 | ICMP | 255 |
| BSDI | BSD/OS 3.1 and 4.0 | ICMP | 255 |
| Compaq | Tru64 v5.0 | ICMP | 64 |
| Cisco | | ICMP | 254 |
| DEC Pathworks | V5 | TCP and UDP | 30 |
| Foundry | | ICMP | 64 |
| FreeBSD | 2.1R | TCP and UDP | 64 |
| FreeBSD | 3.4, 4.0 | ICMP | 255 |
| FreeBSD | 5 | ICMP | 64 |
| HP-UX | 9.0x | TCP and UDP | 30 |
| HP-UX | 10.01 | TCP and UDP | 64 |
| HP-UX | 10.2 | ICMP | 255 |
| HP-UX | 11 | ICMP | 255 |
| HP-UX | 11 | TCP | 64 |
| Irix | 5.3 | TCP and UDP | 60 |
| Irix | 6.x | TCP and UDP | 60 |
| Irix | 6.5.3, 6.5.8 | ICMP | 255 |
| Juniper | | ICMP | 64 |
| Linux | 2.0.x kernel | ICMP | 64 |
| Linux | 2.2.14 kernel | ICMP | 255 |
| Linux | 2.4 kernel | ICMP | 255 |
| Linux | Red Hat 9 | ICMP and TCP | 64 |
| MacOS/MacTCP | 2.0.x | TCP and UDP | 60 |
| MacOS/MacTCP | X (10.5.6) | ICMP/TCP/UDP | 64 |
| Netgear FVG318 | | ICMP and UDP | 64 |
| OpenBSD | 2.6 & 2.7 | ICMP | 255 |
| OpenVMS | 07.01.2002 | ICMP | 255 |
| OS/2 | TCP/IP 3.0 | | 64 |
| OSF/1 | V3.2A | TCP | 60 |
| OSF/1 | V3.2A | UDP | 30 |
| Solaris | 2.5.1, 2.6, 2.7, 2.8 | ICMP | 255 |
| Solaris | 2.8 | TCP | 64 |
| Stratus | TCP_OS | ICMP | 255 |
| Stratus | TCP_OS (14.2-) | TCP and UDP | 30 |
| Stratus | TCP_OS (14.3+) | TCP and UDP | 64 |
| SunOS | 4.1.3/4.1.4 | TCP and UDP | 60 |
| SunOS | 5.7 | ICMP and TCP | 255 |
| Ultrix | V4.1/V4.2A | TCP | 60 |
| Ultrix | V4.1/V4.2A | UDP | 30 |
| Ultrix | V4.2 – 4.5 | ICMP | 255 |
| VMS/Multinet | | TCP and UDP | 64 |
| VMS/TCPware | | TCP | 60 |
| VMS/TCPware | | UDP | 64 |
| VMS/Wollongong | | TCP | 128 |
| VMS/Wollongong | | UDP | 30 |
| Windows | for Workgroups | TCP and UDP | 32 |
| Windows | 95 | TCP and UDP | 32 |
| Windows | 98 | ICMP | 32 |
| Windows | 98, 98 SE | ICMP | 128 |
| Windows | 98 | TCP | 128 |
| Windows | NT 3.51 | TCP and UDP | 32 |
| Windows | NT 4.0 | TCP and UDP | 128 |
| Windows | NT 4.0 SP5- | | 32 |
| Windows | NT 4.0 SP6+ | | 128 |
| Windows | NT 4 WRKS SP 3, SP 6a | ICMP | 128 |
| Windows | NT 4 Server SP4 | ICMP | 128 |
| Windows | ME | ICMP | 128 |
| Windows | 2000 pro | ICMP/TCP/UDP | 128 |
| Windows | 2000 family | ICMP | 128 |
| Windows | Server 2003 | | 128 |
| Windows | XP | ICMP/TCP/UDP | 128 |
| Windows | Vista | ICMP/TCP/UDP | 128 |
| Windows | 7 | ICMP/TCP/UDP | 128 |
| Windows | Server 2008 | ICMP/TCP/UDP | 128 |
| Windows | 10 | ICMP/TCP/UDP | 128 |

The short version of the default TTL values:

For Unix/Linux – TTL Value = 64
For Windows – TTL Value = 128
For Solaris/AIX – TTL Value = 254

To find the OS you need two values: the ping TTL value and the number of tracert hops.

For tracert, you can use the syntax below:


Tracert determines the number of hops between your machine and the destination.
As you can see, the total number of hops is 12 and our TTL value is 52. Adding the TTL value and the number of hops gives 52 + 12 = 64, which means the server is a Linux machine.

For Windows 10, the default TTL value is 128, which you can easily check with this command:

Syntax: ping -4 localhost

(This command only shows TTL = 128 if you are using Windows 10 OS)
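The calculation above can be scripted. The following is an added example, not code from the original article: it reads the TTL from a ping reply line and maps it to the short table, either with a tracert hop count (the 52 + 12 case) or, going one step beyond the article, by rounding up to the next default when no hop count is available. The function names, the `slack` tolerance and the sample reply lines are assumptions made for illustration.

```python
import re

# Short table from the article: default (initial) TTL -> OS family.
DEFAULT_TTLS = {64: "Unix/Linux", 128: "Windows", 254: "Solaris/AIX"}

# Matches "ttl=52" (Linux/macOS ping) and "TTL=128" (Windows ping).
TTL_RE = re.compile(r"\bttl=(\d{1,3})\b", re.IGNORECASE)


def observed_ttl(ping_output):
    """Return the TTL of the first echo reply in ping output, or None."""
    m = TTL_RE.search(ping_output)
    return int(m.group(1)) if m else None


def guess_os(ttl, hops=None, slack=2):
    """Guess the OS family from a reply TTL and an optional hop count.

    With hops: ttl + hops must land within `slack` of a default, because the
    reply may take a different route back than the one tracert measured.
    Without hops: round up to the smallest default >= ttl.
    Returns (initial_ttl, family), or (None, "unknown") if nothing fits.
    """
    if ttl is None or not 1 <= ttl <= 255:
        return None, "unknown"
    if hops is not None:
        total = ttl + hops
        for initial in sorted(DEFAULT_TTLS):
            if abs(total - initial) <= slack:
                return initial, DEFAULT_TTLS[initial]
        return None, "unknown"
    for initial in sorted(DEFAULT_TTLS):
        if ttl <= initial:
            return initial, DEFAULT_TTLS[initial]
    return None, "unknown"  # e.g. 255, which the short table does not list


# Constructed sample replies (documentation addresses, not real captures).
LINUX_STYLE = "64 bytes from 192.0.2.10: icmp_seq=1 ttl=52 time=23.1 ms"
WINDOWS_STYLE = "Reply from 192.0.2.20: bytes=32 time=4ms TTL=121"

if __name__ == "__main__":
    print(guess_os(observed_ttl(LINUX_STYLE), hops=12))  # the article's 52 + 12
    print(guess_os(observed_ttl(WINDOWS_STYLE)))         # no tracert run
```

The default TTL is a configurable setting on most systems, so treat the result as a hint to confirm with other evidence rather than as proof.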

This is how the OS can be detected using the ping and tracert commands.


Sarcastic Writer
