Identifying operating systems
In addition to identifying services running on servers, nmap can also attempt to identify the operating system running on a particular system. This type of scan typically requires at least one open and one closed port to be reached.
How to do it...
Use nmap -O to do OS fingerprinting:
$ sudo nmap -n -O 192.168.1.205 -p 22,80

Starting Nmap 6.40 ( http://nmap.org ) at 2016-05-20 17:57 EDT
Nmap scan report for 192.168.1.205
Host is up (0.013s latency).
PORT   STATE  SERVICE
22/tcp closed ssh
80/tcp open   http
MAC Address: 74:DA:EA:F3:FF:07 (Unknown)
Device type: general purpose
Running: Linux 2.6.X|3.X
OS CPE: cpe:/o:linux:linux_kernel:2.6 cpe:/o:linux:linux_kernel:3
OS details: Linux 2.6.32 - 3.2
Network Distance: 1 hop

OS detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 2.63 seconds
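For asset-inventory use, the OS guess is only worth recording when the scan actually reached one open and one closed port. The Python below is an added example, not code from the book or from the Nmap project: it parses a host's section of the normal output shown above and flags whether that precondition was met. The helper name parse_os_report and the SAMPLE text are constructed for illustration, and only TCP port lines are considered.

```python
import re

# Constructed sample: the host section of the scan report shown above.
SAMPLE = """\
Nmap scan report for 192.168.1.205
Host is up (0.013s latency).
PORT   STATE  SERVICE
22/tcp closed ssh
80/tcp open   http
MAC Address: 74:DA:EA:F3:FF:07 (Unknown)
Device type: general purpose
Running: Linux 2.6.X|3.X
OS CPE: cpe:/o:linux:linux_kernel:2.6 cpe:/o:linux:linux_kernel:3
OS details: Linux 2.6.32 - 3.2
Network Distance: 1 hop
"""

PORT_RE = re.compile(r"^(\d+)/tcp\s+(\S+)")  # e.g. "22/tcp closed ssh"
FIELD_RE = re.compile(r"^(Device type|Running|OS CPE|OS details): (.*)$")


def parse_os_report(text):
    """Hypothetical helper: parse one host's section of nmap normal output."""
    host, ports, fields = None, {}, {}
    for line in text.splitlines():
        if line.startswith("Nmap scan report for "):
            # Handles both "for 10.0.0.1" and "for name (10.0.0.1)".
            host = line.split()[-1].strip("()")
        elif m := PORT_RE.match(line):
            ports[int(m.group(1))] = m.group(2)
        elif m := FIELD_RE.match(line):
            fields[m.group(1)] = m.group(2)
    states = set(ports.values())
    return {
        "host": host,
        "ports": ports,
        "running": fields.get("Running"),
        "cpes": fields.get("OS CPE", "").split(),
        "os_details": fields.get("OS details"),
        # The recipe's precondition: one open AND one closed port were reached.
        # "filtered" or "open|filtered" ports do not count toward either.
        "reliable": {"open", "closed"} <= states,
    }


if __name__ == "__main__":
    report = parse_os_report(SAMPLE)
    print(report["host"], report["os_details"], "reliable:", report["reliable"])
```

A result with "reliable" set to False is better stored as unknown than as a confirmed OS in an inventory.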
How it works…
Nmap's OS detection code works by issuing various packet types to services...