操作系统指纹,TTL=56?
操作系统指纹,TTL=56?
提问于 2015-03-20 02:57:20
我只是学习操作系统指纹,当我平某个ip地址时,它给了我一个56的ttl值。
什么是值为56的操作系统?我只知道流行的操作系统的ttl值,如windows的;128,freeBSD的64,Linux2.4-2.6之间的内核等等。
回答 1
Server Fault用户
发布于 2015-03-20 03:23:22
请注意,如RFC 791中所述,TTL每次通过网络设备(例如路由器)时都会减少。
The time to live is set by the sender to the maximum time the
datagram is allowed to be in the internet system. If the datagram
is in the internet system longer than the time to live, then the
datagram must be destroyed.
This field must be decreased at each point that the internet header
is processed to reflect the time spent processing the datagram.
Even if no local information is available on the time actually
spent, the field must be decremented by 1. The time is measured in
units of seconds (i.e. the value 1 means one second). Thus, the
maximum time to live is 255 seconds or 4.25 minutes. Since every
module that processes a datagram must decrease the TTL by at least
one even if it process the datagram in less than a second, the TTL
must be thought of only as an upper bound on the time a datagram may
exist. The intention is to cause undeliverable datagrams to be
discarded, and to bound the maximum datagram lifetime.
Some higher level reliable connection protocols are based on
assumptions that old duplicate datagrams will not arrive after a
certain time elapses. The TTL is a way for such protocols to have
an assurance that their assumption is met.另外,通过在Windows中更改注册表和在Linux中使用iptables,可以很容易地欺骗TTL,因此有很多可能性,没有人能肯定地说出来。
页面原文内容由Server Fault提供。腾讯云小微IT领域专用引擎提供翻译支持
原文链接:
https://serverfault.com/questions/676901
复制相关文章
相似问题
腾讯云开发者
