Identifying Operating Systems (OS Fingerprinting)

Cyber Security Mastery: From Zero to Hero

OS Fingerprinting

Knowing the target OS (Windows Server 2016, CentOS 7, etc.) is vital because exploits are almost always OS-specific.

OS Fingerprinting is the process of determining the target's operating system by analyzing subtle variations in how it responds to specific network probes.

Nmap OS Detection (-O)

Nmap uses a database of known OS behaviors.

  1. It sends probes (TCP, IP, ICMP) designed to test things like initial window size, TCP sequence number generation, and IP ID sequence.
  2. It compares the target's response to its database to determine the most likely OS.

```bash
nmap -O 192.168.1.100
```

Output Example:

```
OS details: Linux 2.6.9 - 2.6.33
```

Accuracy: OS fingerprinting is usually highly accurate but can be confused by proxies or intermediate network layers (like virtualization or load balancers), which can alter or answer the probes before they reach the target.
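The probe-and-compare steps above, sketched as an added example (not Nmap's code or its database): it parses the traits a SYN-ACK reveals (TTL, window size, DF bit, TCP option order) and ranks them against a signature table. The signature values, weights, addresses and the `sample_packet` helper are constructed for illustration.

```python
import struct

# Constructed, illustrative signatures -- NOT entries from Nmap's database.
SIGNATURES = {
    "Linux-like":   {"ttl": 64,  "window": 29200, "df": True,  "opts": "MSTNW"},
    "Windows-like": {"ttl": 128, "window": 8192,  "df": True,  "opts": "MNWST"},
    "Router-like":  {"ttl": 255, "window": 4128,  "df": False, "opts": "M"},
}
WEIGHTS = {"ttl": 3, "window": 2, "df": 1, "opts": 4}  # assumed weights
OPT_NAMES = {2: "M", 3: "W", 4: "S", 8: "T"}  # MSS, wscale, SACK-permitted, timestamp

def initial_ttl(observed):
    """Round an observed TTL up to the nearest common starting value."""
    return next(t for t in (32, 64, 128, 255) if observed <= t)

def extract_traits(packet):
    """Read fingerprint traits from a raw IPv4 + TCP SYN-ACK."""
    ihl = (packet[0] & 0x0F) * 4                  # IP header length in bytes
    flags_frag, = struct.unpack("!H", packet[6:8])
    tcp = packet[ihl:]
    window, = struct.unpack("!H", tcp[14:16])
    raw, opts, i = tcp[20:(tcp[12] >> 4) * 4], "", 0
    while i < len(raw) and raw[i] != 0:           # kind 0 ends the option list
        if raw[i] == 1:                           # NOP is a single byte
            opts, i = opts + "N", i + 1
            continue
        if i + 1 >= len(raw) or raw[i + 1] < 2:   # malformed length: stop
            break
        opts, i = opts + OPT_NAMES.get(raw[i], "?"), i + raw[i + 1]
    return {"ttl": initial_ttl(packet[8]), "window": window,
            "df": bool(flags_frag & 0x4000), "opts": opts}

def rank(traits):
    """Score every signature by weighted trait agreement, best first."""
    total = sum(WEIGHTS.values())
    scored = [(sum(w for k, w in WEIGHTS.items() if sig[k] == traits[k]) / total, name)
              for name, sig in SIGNATURES.items()]
    return [(name, score) for score, name in sorted(scored, reverse=True)]

def sample_packet(ttl, window, df, options):
    """Build a constructed SYN-ACK (checksums left at zero) for the demo."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(options), 0,
                     0x4000 if df else 0, ttl, 6, 0, bytes([192, 168, 1, 100]),
                     bytes([192, 168, 1, 10]))
    tcp = struct.pack("!HHIIBBHHH", 80, 40000, 1000, 2001,
                      (20 + len(options)) // 4 << 4, 0x12, window, 0, 0)
    return ip + tcp + options

LINUX_OPTS = bytes([2, 4, 5, 180, 4, 2, 8, 10] + [0] * 8 + [1, 3, 3, 7])
if __name__ == "__main__":
    print(rank(extract_traits(sample_packet(57, 29200, True, LINUX_OPTS))))
```

Feeding it a reply built with a device-style stack in front of the same host (for instance `sample_packet(250, 4128, False, bytes([2, 4, 5, 180]))`) ranks "Router-like" first, which is the load-balancer confusion described under Accuracy.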