
OS Detection in Nmap in Kali Linux

Last Updated : 01 May, 2022

Nmap (Network Mapper) is an open-source tool for network exploration and security auditing; a comparable tool, Nessus, is widely used by industry professionals. Both are mainly used by cybersecurity experts and hackers.

Its main purposes are:

  • Provide a list of live hosts.
  • Find open ports.
  • Report real-time information about a network.
  • OS and port scanning.

Both hackers and cybersecurity experts need to know the operating system of a machine: once the OS and its open ports or security holes are known, gaining access becomes much easier. Nmap ships with a fingerprint database that supports operating system (OS) detection, but the database is not updated automatically; it is refreshed only when the nmap package itself is updated. On Kali Linux it is located at /usr/share/nmap/nmap-os-db.

Operating system (OS) detection is a long and involved process, so before we get our hands dirty we should understand the five separate probes Nmap performs to determine the OS. Each probe consists of one or more packets, and the target system's response to each packet helps determine the OS type.

The five different probes are:

  • Sequence Generation.
  • ICMP Echo.
  • TCP Explicit Congestion Notification.
  • TCP.
  • UDP.

1. Sequence Generation: This probe consists of six TCP SYN packets sent 100 ms apart. The pattern in the responses to these packets helps with operating system (OS) detection.

2. ICMP Echo: Two ICMP echo request packets with different settings are sent to the target system. The responses help Nmap verify the OS type.

3. TCP Explicit Congestion Notification: Congestion is the slowdown that occurs when many packets are generated and passed through a single router. This probe sends a packet with ECN-related fields set purely to elicit a response from the target. Because each OS handles such a packet differently and returns specific values, the response helps identify the OS.

4. TCP: Six packets are sent during this probe, some to open ports and some to closed ports, each with specific packet settings. Comparing the responses tells us the type of operating system (OS). The flags set on the six TCP packets are:

  • no flags.
  • SYN, FIN, URG, and PSH.
  • ACK.
  • SYN.
  • ACK.
  • FIN, PSH, and URG.

5. UDP: The UDP probe consists of a single packet sent to a closed port. If the port on the target system is closed and an ICMP Port Unreachable message is returned, that shows there is no firewall filtering the port.

OS detection using NMAP

Now we run the actual commands to perform OS detection with Nmap. First we find the IP address of the host system, then we scan the network to list all active devices.

Step 1: Getting the IP of the System

ifconfig

Step 2: List of active devices in the network (-sn performs host discovery only, without a port scan)

nmap -sn 192.168.232.128/24

Now let's run a SYN scan (-sS) with OS detection (-O) against one of the active IPs. Both options send raw packets, so nmap must be run as root (for example with sudo).

Let's select the IP 192.168.232.2:

nmap -sS 192.168.232.2 -O

The OS-related lines of the output are:

Running: VMware Player.

OS details: VMware Player virtual NAT device.

Let's now perform an aggressive scan to guess the OS:

  • -sV enables service version detection.
  • -A enables aggressive scan mode (OS detection, version detection, script scanning and traceroute).

When no exact fingerprint match is found, Nmap only lists the likely operating systems for the host, each with a probability percentage.

nmap -sV 192.168.232.2 -A
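When a scan like the one above covers many hosts, the OS guesses with their percentages are easier to triage from Nmap's XML report (add -oX report.xml to the command) than from the screen. The following is an added example, not code from the article or from the Nmap project: it parses the <osmatch> entries of a constructed sample report, sorts each host's guesses by accuracy, and keeps only a top guess that meets a confidence threshold, so a 90% guess is never mistaken for an exact fingerprint match. The addresses and matches in the sample are made up.

```python
import xml.etree.ElementTree as ET

# Constructed sample in nmap's -oX layout; addresses and matches are made-up, not real results.
SAMPLE_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sS -O -oX report.xml 192.168.232.0/24">
  <host>
    <address addr="192.168.232.2" addrtype="ipv4"/>
    <os>
      <osmatch name="VMware Player virtual NAT device" accuracy="100" line="1">
        <osclass type="specialized" vendor="VMware" osfamily="embedded" accuracy="100"/>
      </osmatch>
    </os>
  </host>
  <host>
    <address addr="192.168.232.130" addrtype="ipv4"/>
    <os>
      <osmatch name="Linux 3.2 - 4.9" accuracy="90" line="3">
        <osclass type="general purpose" vendor="Linux" osfamily="Linux" osgen="3.X" accuracy="90"/>
      </osmatch>
      <osmatch name="Linux 4.15 - 5.6" accuracy="93" line="2">
        <osclass type="general purpose" vendor="Linux" osfamily="Linux" osgen="4.X" accuracy="93"/>
      </osmatch>
    </os>
  </host>
  <host><address addr="192.168.232.131" addrtype="ipv4"/></host>
</nmaprun>
"""

def parse_os_guesses(xml_text):
    """Return {ipv4: [(os name, os family, accuracy %)]}, best guess first.
    A host with no <os> element (filtered, or scanned without -O) maps to []."""
    guesses = {}
    for host in ET.fromstring(xml_text).iter("host"):
        addr = host.find("address[@addrtype='ipv4']")
        if addr is None:
            continue
        matches = []
        for m in host.iter("osmatch"):
            osclass = m.find("osclass")  # first class line, if nmap emitted one
            family = osclass.get("osfamily") if osclass is not None else "unknown"
            matches.append((m.get("name"), family, int(m.get("accuracy"))))
        matches.sort(key=lambda t: t[2], reverse=True)
        guesses[addr.get("addr")] = matches
    return guesses

def confident_os(guesses, threshold=95):
    """Keep the top guess per host only when it meets the accuracy threshold;
    lower guesses become None so a 90% guess is never treated as a match."""
    return {ip: (m[0][0] if m and m[0][2] >= threshold else None)
            for ip, m in guesses.items()}
```

Run it against a real report with parse_os_guesses(open("report.xml").read()); hosts that return None deserve a manual look rather than an assumed OS.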

 

