Free Trial

Safari Books Online is a digital library providing on-demand subscription access to thousands of learning resources.

  • Create BookmarkCreate Bookmark
  • Create Note or TagCreate Note or Tag
  • PrintPrint
Share this Page URL
Help

Chapter 4. Using Nmap > Detecting Operating Systems

Detecting Operating Systems

A really nice feature of Nmap is the ability to remotely detect OS versions. This is particularly useful for network asset inventory and OS patch management. For example, you may use Nmap OS detection to identify outdated or unauthorized systems on your networks. Nmap performs OS detection by probing the target host and analyzing the responses. Probes include TCP and UDP packets that examine OS specifics such as initial sequence numbers (ISN), TCP options, IP identifier (ID) numbers, timestamps, explicit congestion notification (ECN), and window sizes. Each OS has distinctive responses to the probes, which identify the OS and result in an OS fingerprint. The probes and response matches are located in the nmap-os-db file. Nmap will attempt to identify the following parameters:

  • Vendor Name The vendor of the OS such as Microsoft or Sun.

  • Operating System The underlying OS such as Windows, Mac OS X, Solaris.

  • OS Generation The version of the OS such as Vista, XP, 2003, 10.5, or 10.

  • Device Type The type of device such as general purpose, print server, media, router, WAP, or power device.


  

You are currently reading a PREVIEW of this book.

                                                                                                                    

Get instant access to over $1 million worth of books and videos.

  

Start a Free Trial


  
  • Safari Books Online
  • Create BookmarkCreate Bookmark
  • Create Note or TagCreate Note or Tag
  • PrintPrint