Determining type of system remotely

If you run into a system that you can't access, but that is available on the network, and you have no idea what type of system it is, then there are a few tricks you can use to determine the type of system remotely.

The first one is to look at the TTL (Time To Live) when pinging the system's IP address. For example, a ping to an AIX system may look like this:

# ping 10.11.12.82
PING 10.11.12.82 (10.11.12.82) 56(84) bytes of data.
64 bytes from 10.11.12.82 (10.11.12.82): icmp_seq=1 ttl=253 time=0.394 ms
...

TTL (Time To Live) is a value in the header of every IP packet that limits how long the packet may live on the network: each router that forwards the packet decreases the value by one, and the packet is discarded once it reaches zero. The initial TTL value differs between operating systems, so you can determine the OS based on the TTL value you see in the reply. A detailed list of operating systems and their TTL values can be found here. Basically, a UNIX/Linux system has a TTL of 64. Windows uses 128, and AIX/Solaris uses 254.

Now, in the example above, you can see "ttl=253". It's still an AIX system, but there's most likely a router in between, decreasing the TTL by one.
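The reasoning above (round the observed TTL up to the nearest known default, and read the difference as the number of routers in between) can be scripted. This is an added example, not part of the original article; the function names are hypothetical and the only defaults it knows are the three values quoted above.

```shell
#!/bin/sh
# Added example: estimate the sender's initial TTL and the hop count
# from ping output, using the defaults quoted in the article (64, 128, 254).

# Extract the first ttl= value from ping output on stdin.
# Matches both "ttl=253" (UNIX ping) and "TTL=128" (Windows ping).
ttl_from_ping() {
    sed -n 's/.*[Tt][Tt][Ll]=\([0-9][0-9]*\).*/\1/p' | head -n 1
}

# Map an observed TTL to "<family> initial=<n> hops=<n>".
# Routers only ever decrease the TTL, so the initial value is the
# smallest known default that is >= the observed value.
guess_os_from_ttl() {
    ttl=$1
    case $ttl in
        ''|*[!0-9]*) echo "unknown (no TTL)"; return 1 ;;
    esac
    if [ "$ttl" -lt 1 ] || [ "$ttl" -gt 255 ]; then
        echo "unknown (TTL out of range)"; return 1
    fi
    if   [ "$ttl" -le 64 ];  then initial=64;  family="UNIX/Linux"
    elif [ "$ttl" -le 128 ]; then initial=128; family="Windows"
    elif [ "$ttl" -le 254 ]; then initial=254; family="AIX/Solaris"
    else echo "unknown (TTL 255 is not in the article's list)"; return 1
    fi
    echo "$family initial=$initial hops=$((initial - ttl))"
}

# Read ping output on stdin and classify the first reply.
classify_ping() {
    guess_os_from_ttl "$(ttl_from_ping)"
}

# Constructed sample: the reply line from the ping shown in the article.
sample='64 bytes from 10.11.12.82 (10.11.12.82): icmp_seq=1 ttl=253 time=0.394 ms'
printf '%s\n' "$sample" | classify_ping
```

The default TTL is a tunable setting on most systems, so treat the result as a hint and confirm it with one of the other methods.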

Another good method is by using nmap. The nmap utility has a -O option that allows for OS detection:

# nmap -O -v 10.11.12.82 | grep OS
Initiating OS detection (try #1) against 10.11.12.82 (10.11.12.82)
OS details: IBM AIX 5.3
OS detection performed.

Okay, so it isn't a perfect method either. We ran the nmap command above against an AIX 7.1 system, and it came back as AIX 5.3 instead. And sometimes, you'll have to run nmap a couple of times, before it successfully discovers the OS type. But still, we now know it's an AIX system behind that IP.

Another option is to query SNMP information. If the device is SNMP enabled (it is running an SNMP daemon and it allows you to query SNMP information), then you may be able to run a command like this:

# snmpinfo -h 10.11.12.82 -m get -v sysDescr.0
sysDescr.0 = "IBM PowerPC CHRP Computer
Machine Type: 0x0800004c Processor id: 0000962CG400
Base Operating System Runtime AIX version: 06.01.0008.0015
TCP/IP Client Support  version: 06.01.0008.0015"

By the way, the SNMP example above is exactly why UNIX Health Check generally recommends disabling SNMP, or at least disallowing it from providing such system information through SNMP by updating the /etc/snmpdv3.conf file appropriately, because this information can be really useful to hackers. On the other hand, your organization may use monitoring that relies on SNMP, in which case it needs to be enabled. But then you still have the opportunity to change the SNMP community name to something else (the default is "public"), which also limits the remote information gathering possibilities.
