How do I know if a remote machine is using Windows or Linux?


Solution 1

It isn't definitive, but nmap will do this with the command nmap -O -v (see docs for more details). If you're running Windows or want a GUI, look at Zenmap.

Solution 2

If you're on an IPv4 network, just use ping. If the response has a TTL of 128, the target is probably running Windows. If the TTL is 64, the target is probably running some variant of Unix.

Solution 3

: Presumes ping service enabled on Windows local and remote hosts
:
del _IX.txt, Windows.txt
ping -n 1 [computername|ipaddress] | findstr /i /c:"Reply" > ttl.txt
for /f "tokens=1-9* delims=:=< " %%a in (ttl.txt) do (
    if %%i leq 130 (
       if %%i geq 100 (
          echo Windows & rem or echo %%c >> Windows.txt
       ) else (
          if %%i equ 64 (
             echo *IX & rem or echo %%c >> _IX.txt
          )
       )
    )
)
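
The TTL heuristic from Solutions 2 and 3, as an added Python example that is not part of the original answers. It generalizes to hosts several hops away, where each router has decremented the TTL before the reply arrives. The 255 bucket, the 30-hop cut-off, the function names and the sample replies are assumptions made for this example.

```python
import re

# Initial TTLs: 64 and 128 come from the answers above; 255 is an extra
# bucket assumed for this example so that high TTLs are not called Windows.
INITIAL_TTLS = {64: "Unix variant", 128: "Windows", 255: "other (initial TTL 255)"}
MAX_HOPS = 30  # assumed cut-off: a longer path suggests a non-default TTL

TTL_RE = re.compile(r"\bttl=(\d+)", re.IGNORECASE)

# Constructed sample ping replies (documentation addresses, not real hosts).
SAMPLES = [
    "64 bytes from 192.0.2.10: icmp_seq=1 ttl=53 time=18.2 ms",
    "Reply from 192.0.2.20: bytes=32 time=24ms TTL=116",
    "Reply from 192.0.2.30: bytes=32 time=31ms TTL=90",
    "Request timed out.",
]


def extract_ttl(ping_output):
    """Return the TTL of the first echo reply in the output, or None."""
    match = TTL_RE.search(ping_output)
    return int(match.group(1)) if match else None


def guess_os(observed_ttl):
    """Return (guess, assumed_initial_ttl, hops) for an observed reply TTL."""
    if observed_ttl is None or not 1 <= observed_ttl <= 255:
        return ("unknown", None, None)
    # Each router on the path decrements the TTL by one, so the sender's
    # initial value is the smallest known default >= the observed value.
    initial = min(t for t in INITIAL_TTLS if t >= observed_ttl)
    hops = initial - observed_ttl
    if hops > MAX_HOPS:
        return ("unknown", initial, hops)
    return (INITIAL_TTLS[initial], initial, hops)


def classify(ping_output):
    """Parse ping output and classify the replying host."""
    return guess_os(extract_ttl(ping_output))


if __name__ == "__main__":
    for line in SAMPLES:
        print(f"{line!r} -> {classify(line)}")
```

The initial TTL is a configurable default, so the result is a guess of the same "probably" strength as the answers give.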

Solution 4

Package: xprobe 'OR' xprobe2
Description: Remote OS identification. Xprobe2 allows you to determine what operating system is running on a remote host. It sends several packets to a host and analyses the returned answers. Xprobe2's functionality is comparable to the OS fingerprinting feature in nmap.

Example:
$ sudo apt-get install xprobe
$ sudo xprobe2 -T21-23,80,53,110 ###.###.###.###

Reference:
http://www.sys-security.com/html/projects/X.html
http://sourceforge.net/projects/xprobe/

Solution 5

One way to go is to use Nmap. From the response, it can guess the remote OS.

Author: Diogo

Updated on September 18, 2022

Comments

  • Diogo over 1 year

    Is there some way to run a command (such as ICMP message or another protocol), get a response from a remote machine (not on my own private local network) and analyze the message to find some evidence that this machine is running a Windows or a Linux operating system?

  • Jeroen Baert over 11 years
    Mind you - some providers will detect port scanning using nmap as abuse.
  • Dchris over 10 years
    What do you mean by probably?
  • Dchris over 10 years
    What about TTL=255? I think it is Unix.
  • Harry Johnston over 10 years
    I don't think I've ever seen a TTL of 255.
  • fixer1234 almost 9 years
    Can you expand your answer to explain how to accomplish that? Thanks.
  • Johnathon64 almost 9 years
    You can download a MIB browser; a good one that I use is here: ireasoning.com/downloadmibbrowserfree.php. You basically give it the IP address of the device and do a walk operation.
  • Eddie Studer about 7 years
    Can this be modified to work with a range of IPs? If I wanted to run this to find all of the TTLs for my whole server stack.
  • Jonathan DS about 6 years
    @JeroenBaert namely AWS sent me a scary email
  • Hervian about 6 years
    What is the explanation for this? Why is this the case?
  • Harry Johnston about 6 years
    @Hervian, if you mean why were those particular TTLs chosen, you'd have to ask the original programmers. If you mean why are most or all UNIX variants all the same and/or why the TTL is the same for every version of Windows, that would just be inertia - in the absence of any particular reason to change something, it tends to stay the same.