How to Detect the Operating System of a Target Machine or Network Using Nmap

In this tutorial, I'm going to demonstrate the Nmap scanning technique for detecting the operating system of a target machine or network.

To perform the scan, you need to have Nmap installed on your system.

In my case, I'll be using a Linux system with Nmap installed for the illustration.

Use the commands below to run an operating system scan against a target machine or network.

i. Single Target System

iamvsm@SaraswatiRepository:~$ nmap -O 192.168.20.50

Starting Nmap 7.80 ( https://nmap.org ) at 2020-10-08 16:59 IST

Nmap scan report for 192.168.20.50

Host is up (0.0019s latency).

Not shown: 997 closed ports

PORT STATE SERVICE

22/tcp open ssh

80/tcp open http

443/tcp open https

Device type: general purpose

Running: Linux 3.X|4.X

OS CPE: cpe:/o:linux:linux_kernel:3 cpe:/o:linux:linux_kernel:4

OS details: Linux 3.11 - 4.1, Linux 4.4

Network Distance: 2 hops

OS detection performed. Please report any incorrect results at https://nmap.org/submit/ .

Nmap done: 1 IP address (1 host up) scanned in 12.52 seconds

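Here, -O enables operating system detection, which is reported along with the open TCP ports of the target machine or network. OS detection sends raw packets, so Nmap needs root privileges for it (for example, run the command with sudo).

Another command detects the operating system, service versions (banner grabbing) and TCP ports (default ports):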

iamvsm@SaraswatiRepository:~$ nmap -A 192.168.20.50

Starting Nmap 7.80 ( https://nmap.org ) at 2020-10-08 16:02 IST

Nmap scan report for Vishal-Server (192.168.20.50)

Host is up (0.000064s latency).

Not shown: 997 closed ports

PORT STATE SERVICE VERSION

22/tcp open ssh OpenSSH 8.2p1 Ubuntu 4ubuntu0.1 (Ubuntu Linux; protocol 2.0)

80/tcp open http Apache httpd 2.4.41 ((Ubuntu))

|_http-server-header: Apache/2.4.41 (Ubuntu)

|_http-title: Apache2 Ubuntu Default Page: It works

443/tcp open ssl/http Apache httpd 2.4.41 ((Ubuntu))

| http-robots.txt: 1 disallowed entry

|_/

|_http-server-header: Apache/2.4.41 (Ubuntu)

|_http-title: Vishal Server

| ssl-cert: Subject: commonName=saraswatirepository.com/organizationName=Saraswati Repository Ltd./stateOrProvinceName=Gujarat/countryName=IN

| Not valid before: 2020-08-06T12:38:16

|_Not valid after: 2030-08-04T12:38:16

|_ssl-date: TLS randomness does not represent time

| tls-alpn:

|_ http/1.1

Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel

Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .

Nmap done: 1 IP address (1 host up) scanned in 15.54 seconds

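Here, -A is a combination of the following operations:

-O + -sV (Service Version Detection – Banner Grabbing) + Port Scan (Default TCP Ports)

-A also runs Nmap's default scripts (-sC) and a traceroute; the http-title, http-server-header and ssl-cert lines in the output above come from those scripts.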

ii. Network or Subnet

To detect the operating system of every system on a network or subnet, use the commands below:

iamvsm@SaraswatiRepository:~$ nmap -O 192.168.20.0/24

(TCP Ports + Operating System of Devices on Network or Subnet)

iamvsm@SaraswatiRepository:~$ nmap -A 192.168.20.0/24

(TCP Ports + Service Version (Banner Grabbing) + Operating System of Devices on Network or Subnet)
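A subnet scan prints one report per host, so for keeping an asset inventory of your own network it helps to turn the -O output into structured records. The following is an added example, not part of the original tutorial: the function names are hypothetical, the first host in the sample is taken from the output above, and the second host (fileserver, 192.168.20.51) is constructed.

```python
import re

# Constructed sample: host 1 is from the scan above, host 2 is made up.
SAMPLE = """\
Nmap scan report for 192.168.20.50
Host is up (0.0019s latency).
PORT    STATE SERVICE
22/tcp  open  ssh
80/tcp  open  http
443/tcp open  https
Running: Linux 3.X|4.X
OS CPE: cpe:/o:linux:linux_kernel:3 cpe:/o:linux:linux_kernel:4
OS details: Linux 3.11 - 4.1, Linux 4.4

Nmap scan report for fileserver (192.168.20.51)
Host is up (0.0021s latency).
Too many fingerprints match this host to give specific OS details
"""

HOST = re.compile(r"^Nmap scan report for (?:(\S+) \()?([0-9a-fA-F.:]+)\)?$")
PORT = re.compile(r"^(\d+)/(tcp|udp)\s+open\s+(\S+)")
FIELDS = {"Running": "running", "OS CPE": "cpe", "OS details": "details"}

def parse_os_inventory(text):
    """Return one dict per host: name, address, open ports and OS fields."""
    hosts = []
    for line in text.splitlines():
        line = line.strip()
        m = HOST.match(line)
        if m:  # a new host report starts here
            hosts.append({"name": m.group(1), "addr": m.group(2), "ports": [],
                          "running": None, "cpe": [], "details": None})
            continue
        if not hosts:
            continue  # banner lines before the first host report
        host = hosts[-1]
        m = PORT.match(line)
        if m:
            host["ports"].append((int(m.group(1)), m.group(2), m.group(3)))
            continue
        key, sep, value = line.partition(": ")
        if sep and key in FIELDS:
            host[FIELDS[key]] = value.split() if key == "OS CPE" else value
    return hosts

def unidentified(hosts):
    """Addresses where Nmap gave no OS result and manual follow-up is needed."""
    return [h["addr"] for h in hosts if not h["running"] and not h["details"]]
```

For anything beyond a quick check, Nmap's XML output (-oX) is the more stable format to parse, since the normal text output is meant for reading.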

Hence, this is how we can detect the operating system of a target machine or network using Nmap.