14

Is there some way to run a command (such as ICMP message or another protocol), get a response from a remote machine (not on my own private local network) and analyze the message to find some evidence that this machine is running a Windows or a Linux operating system?

Diogo
  • 30,792

8 Answers

19

It isn't definitive, but nmap will do this with the command nmap -O -v (see the docs for more details). If you're running Windows or want a GUI, look at Zenmap.

Journeyman Geek
  • 133,878

12

If you're on an IPv4 network, just use ping. If the response has a TTL of 128, the target is probably running Windows. If the TTL is 64, the target is probably running some variant of Unix.

Harry Johnston
  • 5,914
  • 8
  • 34
  • 58

2

: Presumes ping service enabled on Windows local and remote hosts
:
rem Remove result files from any previous run
del _IX.txt, Windows.txt
rem Send one echo request and keep only the "Reply from ..." line
ping -n 1 [computername|ipaddress] | findstr /i /c:"Reply" > ttl.txt
rem Split that line on ":", "=", "<" and space: %%c is the address, %%i is the TTL value
for /f "tokens=1-9* delims=:=< " %%a in (ttl.txt) do (
    if %%i leq 130 (
       if %%i geq 100 (
          echo Windows & rem or echo %%c >> Windows.txt
       ) else (
          if %%i equ 64 (
             echo *IX & rem or echo %%c >> _IX.txt
          )
       )
    )
)

riverwind
  • 21
  • 1
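An added example, not code from either of the two answers above, that carries the TTL heuristic through in Python and generalizes it: it parses the reply line printed by Windows ping ("TTL=128") or Linux/macOS ping ("ttl=64"), then maps the observed value to the nearest common initial TTL (64, 128 or 255) and reports how many hops the reply crossed, so a value such as 61 still reads as Unix-like three hops away rather than falling through the batch script's exact match on 64. The sample reply lines are constructed, the initial-TTL table and the 30-hop cap are assumptions, and run_ping is a hypothetical helper that only shells out to the local ping binary.

```python
import platform
import re
import subprocess

# Constructed sample reply lines in the formats printed by Windows ping and by
# Linux/macOS ping; they are not captured from any real host.
SAMPLE_WINDOWS_REPLY = "Reply from 10.0.0.7: bytes=32 time<1ms TTL=128"
SAMPLE_LINUX_REPLY = "64 bytes from 10.0.0.9: icmp_seq=1 ttl=61 time=12.3 ms"
SAMPLE_TIMEOUT = "Request timed out."

# Both ping flavours print the TTL as "TTL=<n>" (Windows) or "ttl=<n>" (Unix).
TTL_RE = re.compile(r"\bttl=(\d+)", re.IGNORECASE)

# Common default initial TTLs (assumed table). Every router on the path
# decrements the value by one, so the observed TTL is at or below the
# sender's initial value, never above it.
INITIAL_TTLS = {
    64: "Unix-like (Linux, macOS, *BSD)",
    128: "Windows",
    255: "network gear / Solaris / other",
}


def extract_ttl(reply_line):
    """Return the TTL from one ping reply line, or None if the line has none."""
    match = TTL_RE.search(reply_line)
    return int(match.group(1)) if match else None


def guess_os(ttl, max_hops=30):
    """Map an observed TTL to the nearest default initial TTL at or above it.

    Returns (os_family, hop_count), where hop_count is the number of routers
    the reply crossed if the sender really used that default. If no default
    fits within max_hops, the guess is "unknown".
    """
    for initial in sorted(INITIAL_TTLS):
        hops = initial - ttl
        if 0 <= hops <= max_hops:
            return INITIAL_TTLS[initial], hops
    return "unknown", None


def classify_ping_output(output, max_hops=30):
    """Parse complete ping output; classify on the first reply line with a TTL."""
    for line in output.splitlines():
        ttl = extract_ttl(line)
        if ttl is not None:
            os_family, hops = guess_os(ttl, max_hops)
            return {"ttl": ttl, "os": os_family, "hops": hops}
    # No reply at all (timeout, ICMP filtered): nothing to fingerprint.
    return {"ttl": None, "os": "unknown", "hops": None}


def run_ping(host, count=1):
    """Hypothetical helper: run the local ping binary and return its output.

    Windows ping takes -n for the packet count, Unix ping takes -c.
    """
    flag = "-n" if platform.system() == "Windows" else "-c"
    result = subprocess.run(["ping", flag, str(count), host],
                            capture_output=True, text=True)
    return result.stdout


if __name__ == "__main__":
    for sample in (SAMPLE_WINDOWS_REPLY, SAMPLE_LINUX_REPLY, SAMPLE_TIMEOUT):
        print(sample, "->", classify_ping_output(sample))
```

The result is a hint, not proof: the default TTL is an administrator-settable value (net.ipv4.ip_default_ttl on Linux, the DefaultTTL registry value on Windows), a filtered ICMP echo yields no TTL at all, and a reply from a load balancer or firewall in front of the host carries that device's TTL rather than the server's. The nmap answer's "it isn't definitive" applies here with even more force, since TTL is a single data point where nmap -O uses many.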

1

One way to go is to use NMap. From the response, it can guess the remote OS.

Diogo
  • 30,792
Apache
  • 16,299

1

Package: xprobe 'OR' xprobe2
Description: Remote OS identification. Xprobe2 allows you to determine what operating system is running on a remote host. It sends several packets to a host and analyses the returned answers. Xprobe2's functionality is comparable to the OS fingerprinting feature in nmap.

Example:
$ sudo apt-get install xprobe
$ sudo xprobe2 -T21-23,80,53,110 ###.###.###.###

Reference:
http://www.sys-security.com/html/projects/X.html
http://sourceforge.net/projects/xprobe/

tao
  • 1,445

0

Following the suggestion of Johnathon64, you could use SNMP to query directly on the server - assuming the remote server itself is configured to use SNMP. You could launch a command-line query such as the one below to do it:

snmpget -v1 -c public <RemoteServerIP> sysDescr.0 | sed -n 's/.*STRING: //p' | tr -d \"

Explaining the command itself:

  1. snmpget will query the object sysDescr, which contains the object's default name.
  2. The following sed will exclude the beginning output, which only contains the polled OID and the beginning of the string.
  3. The last command, tr, will exclude any double-quotes, usually found in the SNMP query.

The last two commands are only for formatting the output - if you don't need them, you may use the very first command to extract the complete output.

zx485
  • 2,337

0

Old post, but I thought I would add to this too: if the device is SNMP-enabled, you can also query for sysDescr, which will tell you the OS it is using.

Download a MIB browser; a good one that I use is here: http://www.ireasoning.com/downloadmibbrowserfree.php. You basically give it the IP address of the device and do a walk operation.

fixer1234
  • 28,064
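An added example, not code from either of the two SNMP answers above, that does in Python what the snmpget | sed | tr pipeline does and then goes one step further: it pulls the sysDescr.0 value out of an snmpget output line (quoted or unquoted, symbolic or numeric OID) and sorts the description into an OS family with a small keyword table. The sample lines are constructed in net-snmp's output format, not captured from real devices; the keyword table is an assumption to extend for your own estate, and run_snmpget is a hypothetical helper that runs the command from the answer above.

```python
import re
import subprocess

# Constructed sample lines in the format net-snmp's snmpget prints for
# sysDescr.0 (not captured from real devices). Some agents return the
# string quoted, some do not, so both forms appear here.
SAMPLE_LINUX = ("SNMPv2-MIB::sysDescr.0 = STRING: Linux buildhost "
                "5.15.0-91-generic #101-Ubuntu SMP x86_64")
SAMPLE_WINDOWS = ('SNMPv2-MIB::sysDescr.0 = STRING: "Hardware: Intel64 Family 6 '
                  'Model 158 Stepping 10 AT/AT COMPATIBLE - Software: Windows '
                  'Version 6.3 (Build 19045 Multiprocessor Free)"')
SAMPLE_SWITCH = ('.1.3.6.1.2.1.1.1.0 = STRING: "Cisco IOS Software, C2960 '
                 'Software (C2960-LANBASEK9-M)"')
SAMPLE_TIMEOUT = "Timeout: No Response from 192.0.2.10."

# sysDescr is OID 1.3.6.1.2.1.1.1; match the symbolic name or the numeric
# form (snmpget -On), then capture everything after "STRING:" with any
# surrounding double quotes removed (the job of tr -d \" in the pipeline).
SYSDESCR_RE = re.compile(
    r'(?:sysDescr\.0|\.1\.3\.6\.1\.2\.1\.1\.1\.0)\s*=\s*STRING:\s*"?(.*?)"?\s*$'
)

# Keyword table (an assumption, first match wins). Vendors put their own
# strings here, so extend it with what your devices actually report.
OS_PATTERNS = [
    ("Windows", re.compile(r"\bWindows\b", re.IGNORECASE)),
    ("Linux", re.compile(r"\bLinux\b", re.IGNORECASE)),
    ("BSD/macOS", re.compile(r"\b(FreeBSD|OpenBSD|NetBSD|Darwin)\b", re.IGNORECASE)),
    ("Network device", re.compile(r"\b(Cisco|JUNOS|RouterOS|ProCurve)\b", re.IGNORECASE)),
]


def parse_sysdescr(output):
    """Return the sysDescr text from snmpget output, or None if there is none."""
    for line in output.splitlines():
        match = SYSDESCR_RE.search(line.strip())
        if match:
            return match.group(1)
    return None


def classify_sysdescr(descr):
    """Sort a sysDescr string into an OS family using the keyword table."""
    for family, pattern in OS_PATTERNS:
        if pattern.search(descr):
            return family
    return "unknown"


def identify(output):
    """Combine parsing and classification for one snmpget run."""
    descr = parse_sysdescr(output)
    if descr is None:
        # Timeout, wrong community string, or no SNMP agent at all.
        return {"sysDescr": None, "os": "no response"}
    return {"sysDescr": descr, "os": classify_sysdescr(descr)}


def run_snmpget(host, community="public"):
    """Hypothetical helper: run the snmpget command from the answer above."""
    result = subprocess.run(
        ["snmpget", "-v1", "-c", community, host, "sysDescr.0"],
        capture_output=True, text=True)
    return result.stdout + result.stderr


if __name__ == "__main__":
    for sample in (SAMPLE_LINUX, SAMPLE_WINDOWS, SAMPLE_SWITCH, SAMPLE_TIMEOUT):
        print(identify(sample))
```

sysDescr is only as trustworthy as the agent that serves it, and an agent that answers the default "public" community to anyone on the network is itself a finding worth noting when you audit your own hosts: restrict SNMP to the monitoring subnet, or move to SNMPv3 with authentication, so this information is not available to arbitrary callers.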

-1

cd is a common command between Windows and Linux systems.

If you send something erroneous like "cd +", the Linux systems I've tested will give you something like:

-bash: cd: +: No such file or directory

It always starts with a shell ID and a reference to the problem character, and ends with "No such file or directory".

Windows always gives:

The system cannot find the path specified.

Even simpler...

cd in Linux gives no output.

cd in Windows gives the current directory as output.

Programmatically you can identify the system based on the output of 0 or >0 characters.

I created a switch using these patterns so that I could run a simple project on either Linux or Windows without modifying anything.

Gabe Krause
  • 1,327