Nmap can use scans that provide the OS, version, and service detection for individual or multiple devices. The OS scan works by using the TCP/IP stack fingerprinting method. The services scan works by using the Nmap-service-probes database to enumerate details of services running on a targeted host.

It works by sending specially crafted packets to a target machine and then deduces its OS based on the response. Nmap is known to be an accurate OSD tool, and it has the ability to differentiate between minor OS releases [Greenwald07].

-O (Enable OS detection)

The easiest way to manage an update is first to look at the database version number. Open the file in a text editor and the version number is usually listed on the second line. The second line of my database is ‘# $Id: nmap-os-db 35407 2015-11-10 04:26:26Z dmiller $’. The database version for this file is 35407.

You still need to enable OS detection with -O (or -A ) for the –osscan-limit option to have any effect. Another OS detection option is –osscan-guess . When Nmap is unable to detect a perfect OS match, it sometimes offers up near-matches as possibilities. The match has to be very close for Nmap to do this by default.

Nmap is short for Network Mapper. It is an open-source Linux command-line tool that is used to scan IP addresses and ports in a network and to detect installed applications. Nmap allows network admins to find which devices are running on their network, discover open ports and services, and detect vulnerabilities.

The -O option tells Nmap to attempt OS detection by sending several probes using the TCP, UDP, and ICMP protocols against opened and closed ports.

Nmap OS fingerprinting works by sending up to 16 TCP, UDP, and ICMP probes to known open and closed ports of the target machine. These probes are specially designed to exploit various ambiguities in the standard protocol RFCs. For closed TCP or UDP ports, Nmap will first check if such a port has been found.

Originally released in 1997, nmap has since become available for Windows and other Unix variants, as well. In fact, it’s considered a standard security tool and is a free and open-source security scanner.

When used properly, Nmap helps protect your network from invaders. But when used improperly, Nmap can (in rare cases) get you sued, fired, expelled, jailed, or banned by your ISP.

Scanning your own network to detect the OS types can help you to see what a hacker will be able to see about your network. OS Detection Database. NMAP has a database which is installed when you install NMAP. The database is used when doing OS detection, but it is not automatically updated.

Adding the –osscan-guess may give more clues as to what is running. The more network hops your packet has to go through to reach its target, the greater the chances that a network device will modify (or drop) the probe or response. NAT gateways, firewalls, and especially port forwarding can confuse OS detection.

When Nmap performs OS detection against a target and fails to find a perfect match, it usually repeats the attempt. By default, Nmap tries five times if conditions are favorable for OS fingerprint submission, and twice when conditions aren’t so good.

Run the command nmap -O -sV -T4 -d , where is the misidentified system in question. Look at the OS detection results to ensure that the misidentification is still present. If you are scanning the target system over IPv6, add the -6 option as well.