AIX, Monitoring, Networking, Red Hat, Security, System Admin↑ Determining type of system remotely

If you run into a system that you can't access, but is available on the network, and have no idea what type of system that is, then there are few tricks you can use to determine the type of system remotely.

The first one, is by looking at the TTL (Time To Live), when doing a ping to the system's IP address. For example, a ping to an AIX system may look like this:

# ping
PING ( 56(84) bytes of data.
64 bytes from ( icmp_seq=1 ttl=253 time=0.394 ms

TTL (Time To Live) is a timer value included in packets sent over networks that tells the recipient how long to hold or use the packet before discarding and expiring the data (packet). TTL values are different for different Operating Systems. So, you can determine the OS based on the TTL value. A detailed list of operating systems and their TTL values can be found here. Basically, a UNIX/Linux system has a TTL of 64. Windows uses 128, and AIX/Solaris uses 254.

Now, in the example above, you can see "ttl=253". It's still an AIX system, but there's most likely a router in between, decreasing the TTL with one.

Another good method is by using nmap. The nmap utility has a -O option that allows for OS detection:

# nmap -O -v | grep OS
Initiating OS detection (try #1) against (
OS details: IBM AIX 5.3
OS detection performed.

Okay, so it isn't a perfect method either. We ran the nmap command above against an AIX 7.1 system, and it came back as AIX 5.3 instead. And sometimes, you'll have to run nmap a couple of times, before it successfully discovers the OS type. But still, we now know it's an AIX system behind that IP.

Another option you may use, is to query SNMP information. If the device is SNMP enabled (it is running a SNMP daemon and it allows you to query SNMP information), then you may be able to run a command like this:

# snmpinfo -h -m get -v sysDescr.0
sysDescr.0 = "IBM PowerPC CHRP Computer
Machine Type: 0x0800004c Processor id: 0000962CG400
Base Operating System Runtime AIX version: 06.01.0008.0015
TCP/IP Client Support  version: 06.01.0008.0015"

By the way, the example for SNMP above is exactly why UNIX Health Check generally recommends to disable SNMP, or at least to dis-allow providing such system information trough SNMP by updating the /etc/snmpdv3.conf file appropriately, because this information can be really useful to hackers. On the other hand, your organization may use monitoring that relies of SNMP, in which case it needs to be enabled. But then you stil have the opportunity of changing the SNMP community name to something else (the default is "public"), which also limits the remote information gathering possibilities.

0 (0)
Article Rating (No Votes)
Rate this article
There are no attachments for this article.
There are no comments for this article. Be the first to post a comment.
Full Name
Email Address
Security Code Security Code
Related Articles RSS Feed
A Unix Utility You Should Know About: lsof
Viewed 1797 times since Tue, Apr 16, 2019
AIX Full memory dump configure
Viewed 3205 times since Mon, Jul 16, 2018
AIX ODM for MPIO User Guide 09
Viewed 3741 times since Mon, Dec 31, 2018
AIX NFS Version 4 configuration over Kerberos inter-realm setup
Viewed 3724 times since Wed, Jun 27, 2018
Recovery AIX system when hang on boot (554 code error).
Viewed 15411 times since Thu, Feb 21, 2019
AIX How to Investigate a System Reboot
Viewed 6180 times since Tue, Aug 14, 2018
HOWTO: Implement SEA Failover with Dual VIOS
Viewed 7283 times since Tue, Jun 4, 2019
10 AIX Commands to Add to Your Toolbox
Viewed 4136 times since Sat, May 19, 2018
Installing a Interim Fix (APAR IV16587)
Viewed 2731 times since Tue, Jul 17, 2018
AIX Power replacing (hot-swap) failed disk in rootvg
Viewed 3471 times since Tue, Apr 16, 2019