Discovering Operating System using ICMP - Cybrary post

in CCNA & CCENT
So someone at Cybrary posted an "article" or post or whatever they call it there with the above title.
Below is what they posted.
I replied to that thread and said that it is wrong and you can't simply deduce the OS by that information. My understanding is that that's not how traceroute works. Can someone more advanced in networking confirm that I'm right or if what they posted is right? If he os wrong, then I'm surprised that in 5k views that it got, no one said it was wrong.
Below is what they posted.
Ping and Traceroute form a simple pair of tools for operating system recognition. The technique consists of the sum of the jumps and TTL.
Firstly, we must be aware of the TTL return value of the various Operating Systems.
– Cyclades = Usually 30
– Linux = Usually 64
– Windows = Usually 128
– Cisco = Usually 255
– Linux + iptables = Usually 255
The first command to execute is Traceroute.
shady@arch:~|⇒ traceroute www.cybrary.it
traceroute to www.cybrary.it (104.20.37.13), 30 hops max, 60 byte packets
1 192.168.11.1 (192.168.11.1) 1.244 ms 1.558 ms 1.702 ms
2 jump1.com (123.123.123.123) 5.820 ms 5.812 ms 6.414 ms
3 jump2.com (124.124.124.124) 6.370 ms 6.500 ms 6.942 ms
4 jump3.com (125.125.125.125) 7.154 ms 7.068 ms 6.932 ms
5 jump4.com (126.126.126.126) 48.257 ms 48.242 ms 48.679 ms
6 jump5.com (127.127.127.127) 47.500 ms 44.990 ms 44.519 ms
7 104.20.37.13 (104.20.37.13) 47.661 ms 45.894 ms 47.833 ms
Remember the total jumps that are equal to 7.
Now we will find the TTL return with the Ping command.
shady@arch:~|⇒ ping www.cybrary.it -c 1
PING www.cybrary.it (104.20.36.13) 56(84) bytes of data.
64 bytes from 104.20.36.13 (104.20.36.13): icmp_seq=1 ttl=58 time=45.1 ms
— www.cybrary.it ping statistics —
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 45.192/45.192/45.192/0.000 ms
The return of the TTL is equal to 58. Making the sum between 58 + 7 = 65. The result is very close to 64, you can deduce that there is Linux running.
I replied to that thread and said that it is wrong and you can't simply deduce the OS by that information. My understanding is that that's not how traceroute works. Can someone more advanced in networking confirm that I'm right or if what they posted is right? If he os wrong, then I'm surprised that in 5k views that it got, no one said it was wrong.
Comments
The point of the traceroute in this article is to determine how many hops you might be missing. The fact you labbed this to test is great, keep in mind though that TTL is reduced for each hop a packet takes. If you ping a box and it returns a remaining TTL of 40, it could be a Linux box that took 24 hops to reach the host, or a Windows box that took 88 hops to reach the host, or a Linux host with IPTables enabled that took 215 hops to reach the host. You use traceroute to turn this unknown in to a known.
To the OP, yes this is how it really works. Now this isn't an exact science obviously and there are huge differences between WindowsME and Windows 10, this isn't going to get you any closer, but it's a starting point. If you want to learn more just look up host identification on nmap.