Understanding an Nmap fingerprint
OS fingerprinting is a technique used to determine the type and version of the operating system running on a remote host. The nmap-os-db
data file contains thousands of signatures. However, different remote operating systems respond to Nmap's specialized OS detection probes. A fingerprint contains an operating system's name, its general classification, and response data pattern.
A typical fingerprint format appears as shown in the following figure. During detection probe, attributes and results are compared against the Nmap os-db
OS database. A simple command can be used for OS detection with the flag -O
:
#sudo nmap --O <ip or ip subnet>
The following screenshot is specific to the Cisco 2820 device and shows that a number of tests will be performed before Nmap declares that device as Cisco 2820. This Nmap database will have similar fingerprints for most known devices, and this keeps growing:
We can see the following terms in the above snapshot:
- SEQ test...