Wandering's Blog » 日志 » [转载] Initial TTL values
[转载] Initial TTL values
Wandering 发表于 2008-06-04 14:24:54
.
Initial TTL values
=========================
(Original Link http://members.cox.net/~ndav1/self_published/TTL_values.html )
The following table shows the initial TTL values that are used by a number of operating systems. Why should you care? Well when you are looking at a trace it is sometimes not obvious where the protocol analyzer was in relation to the hosts of interest. By looking at the TTL values recorded by the analyzer and knowing the initial TTL value you can get an idea of the "distance" between the end points and the analyzer. I gleaned the information in this table from looking at traces and when possible system documentation. I have also stolen shamelessly from other sources on the web.
OS Version Protocol TTL Notes
================================================================
AIX TCP 60
AIX UDP 30 2
AIX 3.2, 4.1 ICMP 255 3
BSDI BSD/OS 3.1 and 4.0 ICMP 255 3
Compa Tru64 v5.0 ICMP 64 3
DEC Pathworks V5 TCP and UDP 30 2
FreeBSD 2.1R TCP and UDP 64 2
FreeBSD 3.4, 4.0 ICMP 255 3
FreeBSD 5.0 ICMP 64 2
HP-UX 9.0x TCP and UDP 30 2
HP-UX 10.01 TCP and UDP 64 2
HP-UX 10.20 ICMP 255 3
HP-UX 11.00 ICMP 255 3
HP-UX 11.00 TCP 64
Irix 5.3 TCP and UDP 60 2
Irix 6.x TCP and UDP 60 2
Irix 6.5.3, 6.5.8 ICMP 255 2
MPE/IX (HP) ICMP 200
Linux 2.0.x kernel ICMP 64 3
Linux 2.2.14 kernel ICMP 255 3
Linux 2.4 kernel ICMP 255 3
Linux Red Hat 9 ICMP and TCP 64
MacOS/MacTCP 2.0.x TCP and UDP 60 2
NetBSD ICMP 255 3
OpenBSD 2.6 & 2.7 ICMP 255 3
OpenVMS 7.1-2 ICMP 255 3
OS/2 TCP/IP 3.0 64 4
OSF/1 V3.2A TCP 60 2
OSF/1 V3.2A UDP 30 2
Solaris 2.5.1, 2.6, 2.7, 2.8 ICMP 255 3
Solaris 2.8 TCP 64
Stratus TCP_OS ICMP 255
Stratus TCP_OS (14.2-) TCP and UDP 30 1
Stratus TCP_OS (14.3+) TCP and UDP 64 1
Stratus STCP ICMP/TCP/UDP 60
SunOS 4.1.3/4.1.4 TCP and UDP 60 2
SunOS 5.7 ICMP and TCP 255
Ultrix V4.1/V4.2A TCP 60 2
Ultrix V4.1/V4.2A UDP 30 2
Ultrix V4.2 - 4.5 ICMP 255 3
VMS/Multinet TCP and UDP 64 2
VMS/TCPware TCP 60 2
VMS/TCPware UDP 64 2
VMS/Wollongong 1.1.1.1 TCP 128 2
VMS/Wollongong 1.1.1.1 UDP 30 2
VMS/UCX TCP and UDP 128 2
Windows for Workgroups TCP and UDP 32 2
Windows 95 TCP and UDP 32 2
Windows 98 ICMP 32
Windows 98, 98 SE ICMP 128 3
Windows 98 TCP 128
Windows NT 3.51 TCP and UDP 32 2
Windows NT 4.0 TCP and UDP 128 2
Windows NT 4.0 SP5- 32 4
Windows NT 4.0 SP6+ 128 4
Windows NT 4 WS SP 3, SP 6a ICMP 128 3
Windows NT 4 Server SP4 ICMP 128 3
Windows ME ICMP 128 3
Windows 2000 pro ICMP/TCP/UDP 128
Windows 2000 family ICMP 128 3
Windows Server 2003 128 4
Windows XP ICMP/TCP/UDP 128
Notes
-------
1) The external variables tcpos_tcp_ttl$ and tcpos_udp_ttl$ can be used to change TCP_OS defaults. I am also not exactly sure when the change from 30 to 64 took place.
2) Stolen from http://secfr.nerim.net/docs/fingerprint/en/ttl_default.html. This site also has a very nice section on the commands to change the default TTLs for many of these systems
3) I read this but no longer have the reference
4) Stolen from http://www.pmg.com/tip_archive/03_12.htm
...
Initial TTL values
=========================
(Original Link http://members.cox.net/~ndav1/self_published/TTL_values.html )
The following table shows the initial TTL values that are used by a number of operating systems. Why should you care? Well when you are looking at a trace it is sometimes not obvious where the protocol analyzer was in relation to the hosts of interest. By looking at the TTL values recorded by the analyzer and knowing the initial TTL value you can get an idea of the "distance" between the end points and the analyzer. I gleaned the information in this table from looking at traces and when possible system documentation. I have also stolen shamelessly from other sources on the web.
OS Version Protocol TTL Notes
================================================================
AIX TCP 60
AIX UDP 30 2
AIX 3.2, 4.1 ICMP 255 3
BSDI BSD/OS 3.1 and 4.0 ICMP 255 3
Compa Tru64 v5.0 ICMP 64 3
DEC Pathworks V5 TCP and UDP 30 2
FreeBSD 2.1R TCP and UDP 64 2
FreeBSD 3.4, 4.0 ICMP 255 3
FreeBSD 5.0 ICMP 64 2
HP-UX 9.0x TCP and UDP 30 2
HP-UX 10.01 TCP and UDP 64 2
HP-UX 10.20 ICMP 255 3
HP-UX 11.00 ICMP 255 3
HP-UX 11.00 TCP 64
Irix 5.3 TCP and UDP 60 2
Irix 6.x TCP and UDP 60 2
Irix 6.5.3, 6.5.8 ICMP 255 2
MPE/IX (HP) ICMP 200
Linux 2.0.x kernel ICMP 64 3
Linux 2.2.14 kernel ICMP 255 3
Linux 2.4 kernel ICMP 255 3
Linux Red Hat 9 ICMP and TCP 64
MacOS/MacTCP 2.0.x TCP and UDP 60 2
NetBSD ICMP 255 3
OpenBSD 2.6 & 2.7 ICMP 255 3
OpenVMS 7.1-2 ICMP 255 3
OS/2 TCP/IP 3.0 64 4
OSF/1 V3.2A TCP 60 2
OSF/1 V3.2A UDP 30 2
Solaris 2.5.1, 2.6, 2.7, 2.8 ICMP 255 3
Solaris 2.8 TCP 64
Stratus TCP_OS ICMP 255
Stratus TCP_OS (14.2-) TCP and UDP 30 1
Stratus TCP_OS (14.3+) TCP and UDP 64 1
Stratus STCP ICMP/TCP/UDP 60
SunOS 4.1.3/4.1.4 TCP and UDP 60 2
SunOS 5.7 ICMP and TCP 255
Ultrix V4.1/V4.2A TCP 60 2
Ultrix V4.1/V4.2A UDP 30 2
Ultrix V4.2 - 4.5 ICMP 255 3
VMS/Multinet TCP and UDP 64 2
VMS/TCPware TCP 60 2
VMS/TCPware UDP 64 2
VMS/Wollongong 1.1.1.1 TCP 128 2
VMS/Wollongong 1.1.1.1 UDP 30 2
VMS/UCX TCP and UDP 128 2
Windows for Workgroups TCP and UDP 32 2
Windows 95 TCP and UDP 32 2
Windows 98 ICMP 32
Windows 98, 98 SE ICMP 128 3
Windows 98 TCP 128
Windows NT 3.51 TCP and UDP 32 2
Windows NT 4.0 TCP and UDP 128 2
Windows NT 4.0 SP5- 32 4
Windows NT 4.0 SP6+ 128 4
Windows NT 4 WS SP 3, SP 6a ICMP 128 3
Windows NT 4 Server SP4 ICMP 128 3
Windows ME ICMP 128 3
Windows 2000 pro ICMP/TCP/UDP 128
Windows 2000 family ICMP 128 3
Windows Server 2003 128 4
Windows XP ICMP/TCP/UDP 128
Notes
-------
1) The external variables tcpos_tcp_ttl$ and tcpos_udp_ttl$ can be used to change TCP_OS defaults. I am also not exactly sure when the change from 30 to 64 took place.
2) Stolen from http://secfr.nerim.net/docs/fingerprint/en/ttl_default.html. This site also has a very nice section on the commands to change the default TTLs for many of these systems
3) I read this but no longer have the reference
4) Stolen from http://www.pmg.com/tip_archive/03_12.htm
...
相关日志:
收藏:
QQ书签
del.icio.us
订阅:
Google
抓虾
