Understanding an Nmap fingerprint
OS fingerprinting is a technique used to determine the type and version of the operating system running on a remote host. The nmap-os-db data file contains thousands of signatures that describe how different remote operating systems respond to Nmap's specialized OS detection probes. A fingerprint contains an operating system's name, its general classification, and a response data pattern.
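The entry layout just described (name, classification, response data) can be read programmatically. The following is an added example, not code from the original text: a parser for nmap-os-db style entries plus a matcher for the value expressions used in test lines. The sample entry and the names `parse_os_db` and `value_matches` are constructed for illustration, and only the `|`, range, `>` and `<` operators are handled.

```python
import re

# Constructed entry in nmap-os-db layout (illustrative values, not from the real file).
SAMPLE_DB = """\
Fingerprint Example Switch OS 1.X
Class ExampleVendor | embedded || switch
CPE cpe:/h:examplevendor:example_switch auto
SEQ(SP=0-5%GCD=1-6%TI=I|RD%TS=U)
T1(R=Y%DF=N%T=FA-104%W=>FFF%Q=)
"""
TEST_LINE = re.compile(r"^(\w+)\((.*)\)$")

def parse_os_db(text):
    """Return one dict per Fingerprint entry: name, classes, cpe, tests."""
    entries, cur = [], None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or line.startswith("#"):
            continue
        if line.startswith("Fingerprint "):
            cur = {"name": line[12:], "classes": [], "cpe": [], "tests": {}}
            entries.append(cur)
        elif cur is None:
            continue  # header lines that precede the first entry
        elif line.startswith("Class "):
            # Fields: vendor | OS family | OS generation | device type
            cur["classes"].append([f.strip() for f in line[6:].split("|")])
        elif line.startswith("CPE "):
            cur["cpe"].append(line[4:].split()[0])
        elif m := TEST_LINE.match(line):
            pairs = (kv.split("=", 1) for kv in m.group(2).split("%") if "=" in kv)
            cur["tests"][m.group(1)] = dict(pairs)
    return entries

def _alt_matches(alt, observed):
    if alt == observed:
        return True
    try:
        val = int(observed, 16)
        if alt.startswith((">", "<")):
            bound = int(alt[1:], 16)
            return val > bound if alt[0] == ">" else val < bound
        lo, hi = alt.split("-", 1)  # ValueError when alt is not a range
        return int(lo, 16) <= val <= int(hi, 16)
    except ValueError:
        return False  # non-numeric token such as "RD": exact match only

def value_matches(expr, observed):
    """Match an observed value against a|b, lo-hi, >x or <x (numbers are hex)."""
    return any(_alt_matches(alt, observed) for alt in expr.split("|"))
```
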
A typical fingerprint format appears as shown in the following figure. During a detection probe, attributes and results are compared against the nmap-os-db OS database. A simple command can be used for OS detection with the flag -O:
# sudo nmap -O <ip or ip subnet>
The following screenshot is specific to the Cisco 2820 device and shows that a number of tests are performed before Nmap declares the device to be a Cisco 2820. The Nmap database has similar fingerprints for most known devices, and it keeps growing:
We can see the following terms in the above snapshot:
- SEQ test...