如何区分路由器系统是VxWorks还是Linux？

phpwave

咳咳，路由器是嵌入式计算机系统，也算计算机嘛。
anywlan之类的地方，注册啊验证啊熟悉那里的环境啊太麻烦，我就不去了。。
好吧，说下问题，大家都知道，TP的路由特别喜欢AtherOs的解决方案，现在貌似也开始用更加坑爹的MTK解决方案了。
主流就是 16M内存（甚至8M）+AR9331/AR9341+2M Flash.
然后系统基本是VXWORKS或者LINUX。
常看到有人说 XX路由又缩水了，系统也从Linux变成了VxWorks。
我用过一段时间的Linux，虽然只是略知皮毛吧。
我知道，以前的内核把网卡0叫做eth0,网卡1叫做eth1.以此类推（现在不是了）
我在我的路由器WR746N里看到过 eth1和ppp0，这些都是Linux系统的命名方法。
但是，我用搜索引擎找不到WR746N的相关硬件参数和拆机照片。
和WR746N相近的是WR745N，日志里一样有ppp0和eth1,查了一下， AR9331+2M Flash+16M内存。没说系统。
能否从eth1和ppp0断定这是Linux？或者有什么判断方法？谢谢！

PS：用nmap扫了一下。OS fingerprint not ideal. VxWorks(86%)
PS2：不想拆，我还想要保修呢。

phpwave

发下 nmap -A -v -v 1.0.0.1的扫描结果吧（抱歉，其他扫描真的太费时间，我没时间等。）

Starting Nmap 6.25 ( http://nmap.org ) at 2013-05-12 20:36 CST
NSE: Loaded 106 scripts for scanning.
NSE: Script Pre-scanning.
NSE: Starting runlevel 1 (of 2) scan.
NSE: Starting runlevel 2 (of 2) scan.
Initiating ARP Ping Scan at 20:36
Scanning 1.0.0.1 [1 port]
Completed ARP Ping Scan at 20:36, 0.02s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 20:36
Completed Parallel DNS resolution of 1 host. at 20:36, 0.18s elapsed
Initiating SYN Stealth Scan at 20:36
Scanning 1.0.0.1 [1000 ports]
Discovered open port 80/tcp on 1.0.0.1
Discovered open port 1900/tcp on 1.0.0.1
Completed SYN Stealth Scan at 20:36, 4.55s elapsed (1000 total ports)
Initiating Service scan at 20:36
Scanning 2 services on 1.0.0.1
Completed Service scan at 20:38, 106.31s elapsed (2 services on 1 host)
Initiating OS detection (try #1) against 1.0.0.1
Retrying OS detection (try #2) against 1.0.0.1
NSE: Script scanning 1.0.0.1.
NSE: Starting runlevel 1 (of 2) scan.
Initiating NSE at 20:38
Completed NSE at 20:38, 8.29s elapsed
NSE: Starting runlevel 2 (of 2) scan.
Nmap scan report for 1.0.0.1
Host is up (0.00036s latency).
Scanned at 2013-05-12 20:36:39 CST for 124s
Not shown: 997 filtered ports
PORT     STATE  SERVICE VERSION
80/tcp   open   http    TP-LINK WR746N WAP http config
| http-auth:
| HTTP/1.1 401 Unauthorized
|_  Basic realm=TP-LINK Wireless N Router WR746N
|_http-methods: No Allow or Public header in OPTIONS response (status code 401)
|_http-title: \xB5\xC7\xC2\xBC\xCA\xA7\xB0\xDC
1024/tcp closed kdm
1900/tcp open   upnp?
1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at http://www.insecure.org/cgi-bin/servicefp-submit.cgi :
SF-Port1900-TCP:V=6.25%I=7%D=5/12%Time=518F8CE2%P=i686-pc-linux-gnu%r(GetR
SF:equest,A3,"HTTP/1\.0\x20404\x20Not\x20Found\r\nSERVER:\x20Wireless\x20N
SF:\x20Router\x20WR746N,\x20UPnP/1\.0\r\nCONTENT-LENGTH:\x2048\r\nCONTENT-
SF:TYPE:\x20text/html\r\n\r\n<html><body><h1>404\x20Not\x20Found</h1></bod
SF:y></html>")%r(HTTPOptions,AF,"HTTP/1\.0\x20501\x20Not\x20Implemented\r\
SF:nSERVER:\x20Wireless\x20N\x20Router\x20WR746N,\x20UPnP/1\.0\r\nCONTENT-
SF:LENGTH:\x2054\r\nCONTENT-TYPE:\x20text/html\r\n\r\n<html><body><h1>501\
SF:x20Not\x20Implemented</h1></body></html>")%r(RPCCheck,A7,"HTTP/0\.0\x20
SF:400\x20Bad\x20Request\r\nSERVER:\x20Wireless\x20N\x20Router\x20WR746N,\
SF:x20UPnP/1\.0\r\nCONTENT-LENGTH:\x2050\r\nCONTENT-TYPE:\x20text/html\r\n
SF:\r\n<html><body><h1>400\x20Bad\x20Request</h1></body></html>")%r(FourOh
SF:FourRequest,A3,"HTTP/1\.0\x20404\x20Not\x20Found\r\nSERVER:\x20Wireless
SF:\x20N\x20Router\x20WR746N,\x20UPnP/1\.0\r\nCONTENT-LENGTH:\x2048\r\nCON
SF:TENT-TYPE:\x20text/html\r\n\r\n<html><body><h1>404\x20Not\x20Found</h1>
SF:</body></html>")%r(kumo-server,A7,"HTTP/0\.0\x20400\x20Bad\x20Request\r
SF:\nSERVER:\x20Wireless\x20N\x20Router\x20WR746N,\x20UPnP/1\.0\r\nCONTENT
SF:-LENGTH:\x2050\r\nCONTENT-TYPE:\x20text/html\r\n\r\n<html><body><h1>400
SF:\x20Bad\x20Request</h1></body></html>");
OS fingerprint not ideal because: Didn't receive UDP response. Please try again with -sSU
Aggressive OS guesses: Canon imageRUNNER C2380 or C2880i printer (96%), Avaya 4526GTX switch (94%), Canon imageRUNNER C5185 printer (91%), AirSpan ProST WiMAX access point (89%), FreeBSD 6.3-RELEASE (87%), Fujitsu Externus DX80 or IBM DCS9900 NAS device (87%), VxWorks (86%), Xerox WorkCentre Pro 7245 printer (86%), Apple AirPort Express WAP (86%), FreeBSD 4.9-RELEASE (86%)
No exact OS matches for host (test conditions non-ideal).
TCP/IP fingerprint:
SCAN(V=6.25%E=4%D=5/12%OT=80%CT=1024%CU=%PV=N%DS=1%DC=D%G=N%M=EC172F%TM=518F8D53%P=i686-pc-linux-gnu)
SEQ(SP=106%GCD=1%ISR=10D%TI=I%II=I%SS=S%TS=6)
OPS(O1=M5B4NW0NNT11%O2=M5B4NW0NNT11%O3=M5B4NW0NNT11%O4=M5B4NW0NNT11%O5=M5B4NW0NNT11%O6=M5B4NNT11)
WIN(W1=4000%W2=4000%W3=4000%W4=4000%W5=4000%W6=4000)
ECN(R=Y%DF=Y%TG=40%W=4000%O=M5B4NW0%CC=N%Q=)
T1(R=Y%DF=Y%TG=40%S=O%A=S+%F=AS%RD=0%Q=)
T2(R=N)
T3(R=Y%DF=Y%TG=40%W=4000%S=O%A=S+%F=AS%O=M5B4NW0NNT11%RD=0%Q=)
T4(R=N)
T5(R=Y%DF=N%TG=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)
T6(R=N)
T7(R=N)
U1(R=N)
IE(R=Y%DFI=S%TG=40%CD=S)

Uptime guess: 2.056 days (since Fri May 10 19:17:57 2013)
Network Distance: 1 hop
TCP Sequence Prediction: Difficulty=255 (Good luck!)
IP ID Sequence Generation: Incremental
Service Info: Device: WAP

TRACEROUTE
HOP RTT     ADDRESS
1   0.36 ms 1.0.0.1

NSE: Script Post-scanning.
NSE: Starting runlevel 1 (of 2) scan.
NSE: Starting runlevel 2 (of 2) scan.
Read data files from: /usr/bin/../share/nmap
OS and Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 126.79 seconds
           Raw packets sent: 2062 (94.228KB) | Rcvd: 28 (1.904KB)

wjhstu-VxG

不是很清楚 帮顶…… mtk就是ralink吧？貌似buffalo高端都开始用ralink了……

phpwave

wjhstu-VxG 发表于 2013-5-12 20:41
不是很清楚 帮顶…… mtk就是ralink吧？貌似buffalo高端都开始用ralink了……

不清楚。MTK收购了ralink倒是，不过就MTK在手机市场上的质量。。我个人不看好。。谢谢顶贴。

100lj

这个不太懂。
以前看到过可以用旧U盘做路由的帖子。

ZHIZAI100

一般4M闪存的是linux的，uboot是128K，firmware是3.75M，config是64K，art也是64K
最直接的就是看价格，现在95元以下的很少有4M闪存的