passive OS fingerprinting by RTTL

Certain operating systems have a "specific" pattern while communicating via tcp/ip with other computers.

3D Traceroute interpretes one of these patterns, the RTTL (Return Time To Live) of a icmp data packet.

Knowing the value, it does a wild guess about a potential operating system. Just hold your mouse some seconds above the RTTL-column item and 3D Traceroute will show the guesses in a hint window.

Knowing this, all your friend will say "d00d! u R an '1337 hax0r" and you will smile and know: it is just a piece of information, you can't trust very much.

This is kwel, isn't it?

Perhaps you noticed a small portion of sarcasm and irony. This is, because I have been asked for this 'feature' over and over again. But to be honest, it is a quite useless piece of information. Every admin can change the TTL of its operating system, so it will look like a different operating system. And the group of different operating systems, that use the same TTL is so big, that you don't know very much more than before. And you don't know any 'server software' running on the system, you even don't know any version numbers.

So you might ask yourself, what is the benefit of this untrustable information detail?