04. Nmap OS and Service Version Scanning

Nmap Command Notes

1. nmap -O 192.168.0.1

  • Purpose: OS Detection
  • Explanation:
    • -O: Enables Operating System Detection using TCP/IP stack fingerprinting.
    • Nmap analyzes subtle differences in how the target OS responds to specific network probes to identify the operating system and version.
    • OS detection is not guaranteed if the target is behind a firewall or has restrictive network configurations.
  • Requirements:
    • OS detection requires root/admin privileges for accurate results.
  • Use Case:
    • Identifying the operating system of the target, which helps tailor further attacks or assessments.
  • Example Command:

    nmap -O 192.168.0.1

  • Output:
    • Reports the OS name, version, and other details like device type (e.g., router, firewall).

2. nmap -O -sV 192.168.0.1

  • Purpose: OS Detection with Version Detection
  • Explanation:
    • -O: Enables OS detection.
    • -sV: Enables Service Version Detection.
      • It probes open ports and attempts to determine the versions of services running on those ports (e.g., Apache 2.4.41).
    • Combining these options provides detailed information about the operating system and service versions.
  • Use Case:
    • Ideal for fingerprinting the target system's operating system and the exact versions of running services.
  • Example Command:

    nmap -O -sV 192.168.0.1
    
  • Output:

    • OS details, version information of services running on open ports, and device type.

3. nmap -A 192.168.0.1 -p-

  • Purpose: Aggressive Scan with Full Port Range
  • Explanation:
    • -A: Enables Aggressive Scan.
      • Aggressive scans perform:
        • OS detection (-O)
        • Service version detection (-sV)
        • Script scanning (--script=default)
        • Traceroute analysis
    • -p-: Scans all 65,535 ports (both TCP and UDP).
      • Without specifying -p-, Nmap scans only the top 1,000 ports by default.
  • Use Case:
    • Used for comprehensive reconnaissance to gather extensive information about the target.
    • Detects all open ports, services, and operating system details.
  • Caution:
    • This is a noisy scan—easily detected by intrusion detection systems (IDS) or firewalls.
    • Scanning all ports can take significant time depending on the network and system configurations.
  • Example Command:

    nmap -A 192.168.0.1 -p-
    
  • Output:

    • List of all open ports.
    • Detailed version information about services.
    • OS fingerprinting results.
    • Script output (e.g., vulnerabilities, service configurations).
    • Traceroute details.

Summary Table

| Command                 | Purpose                        | Key Options | Details Gathered                      | Use Case                     |
|-------------------------|--------------------------------|-------------|---------------------------------------|------------------------------|
| nmap -O 192.168.0.1     | OS Detection                   | -O          | Target OS details                     | Identify operating system    |
| nmap -O -sV 192.168.0.1 | OS + Service Version Detection | -O, -sV     | OS + version info of running services | Detailed OS and service scan |
| nmap -A 192.168.0.1 -p- | Aggressive Full Port Scan      | -A, -p-     | OS, services, scripts, traceroute     | Comprehensive reconnaissance |

Key Notes:
  1. Use -O for OS detection, but ensure you have root privileges.
  2. Combine -O with -sV for both OS and service version details.
  3. Use -A with -p- for a full and aggressive scan, but be aware of detection risks.
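
An added example, not part of these notes, showing what to do with the results of commands 1 to 3: a Python parser that reads the XML nmap writes when -oX is added to a -O / -sV scan and turns it into a host inventory, keeping the osmatch accuracy and flagging open ports whose service name came from nmap's port-number table rather than from a -sV probe. The XML in SAMPLE_XML is a constructed, abbreviated sample, and -oX is assumed to have been added to the scan command.

```python
# Added example, not from these notes: turn nmap -oX output of a -O / -sV
# scan into a host inventory. Standard library only; SAMPLE_XML is constructed.
import xml.etree.ElementTree as ET

SAMPLE_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -O -sV -oX - 192.168.0.1">
<host><status state="up"/><address addr="192.168.0.1" addrtype="ipv4"/>
<ports>
<port protocol="tcp" portid="22"><state state="open"/>
<service name="ssh" product="OpenSSH" version="8.9p1" method="probed" conf="10"/></port>
<port protocol="tcp" portid="80"><state state="open"/>
<service name="http" product="Apache httpd" version="2.4.41" method="probed" conf="10"/></port>
<port protocol="tcp" portid="8080"><state state="open"/>
<service name="http-proxy" method="table" conf="3"/></port>
<port protocol="tcp" portid="443"><state state="filtered"/></port>
</ports>
<os><osmatch name="Linux 4.15 - 5.8" accuracy="94"/>
<osmatch name="Linux 5.0 - 5.4" accuracy="90"/></os>
</host></nmaprun>"""

def parse_nmap_xml(text):
    """One dict per host: IPv4 address, top OS match with accuracy, open ports."""
    hosts = []
    for host in ET.fromstring(text).iter("host"):
        addr = host.find("address[@addrtype='ipv4']")
        best = host.find("os/osmatch")  # -O lists osmatch elements best-first
        entry = {"addr": addr.get("addr") if addr is not None else None,
                 "os": best.get("name") if best is not None else None,
                 "os_accuracy": int(best.get("accuracy")) if best is not None else 0,
                 "ports": []}
        for port in host.iter("port"):
            state = port.find("state")
            if state is None or state.get("state") != "open":
                continue  # closed/filtered ports carry no useful service data
            svc = port.find("service")
            get = svc.get if svc is not None else (lambda k, d=None: d)
            entry["ports"].append({
                "port": int(port.get("portid")), "proto": port.get("protocol"),
                "service": get("name"), "product": get("product", ""),
                "version": get("version", ""),
                # "probed": -sV talked to the service; "table": name is only a
                # nmap-services port-number lookup and the version is unknown
                "probed": get("method") == "probed"})
        hosts.append(entry)
    return hosts

def unverified_services(host):
    """Open ports whose service name was not confirmed by a -sV probe."""
    return [p["port"] for p in host["ports"] if not p["probed"]]
```

An os_accuracy below 100 and any port returned by unverified_services() are guesses to confirm by hand, which is what the "OS detection is not guaranteed" caveat above means in practice.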