OS detection using nmap for a particular IP address

sam · Apr 27, 2015

I am trying to determine the OS of a particular IP address using nmap. Here is my code so far:

import java.io.*;

public class NmapFlags {
  public static void main(String[] args) throws Exception {
    // Example: ask nmap to fingerprint the OS of this IP address
    String[] cmdarray = { "nmap", "-O", "66.110.59.130" };

    // Merge nmap's stderr into stdout so its warnings are not lost
    ProcessBuilder pb = new ProcessBuilder(cmdarray);
    pb.redirectErrorStream(true);
    Process process = pb.start();

    try (BufferedReader r = new BufferedReader(
        new InputStreamReader(process.getInputStream()))) {
      String s;
      while ((s = r.readLine()) != null) {
        System.out.println(s);
      }
    } catch (IOException e) {
      e.printStackTrace();
    }

    // Wait for nmap to finish; a non-zero exit code means it failed
    // (e.g. -O run without root privileges)
    int exit = process.waitFor();
    System.out.println("nmap exited with code " + exit);
  }
}

After running this code output I got is:

All 1000 scanned ports on 66.110.59.130 are filtered
Too many fingerprints match this host to give specific OS details
OS detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 246.06 seconds

Are there any other nmap flags I can use to detect the device type? I tried the -A option. I need to find the device details at each hop of a traceroute.

Answer

Florian Bidabe · Jun 10, 2015

Nmap performs "active fingerprinting" (it sends packets, then analyses the responses) to guess what the remote Operating System is. These probes are quite intrusive and I'd recommend reading more about it (http://nmap.org/book/osdetect-fingerprint-format.html).

"Too many fingerprints match this host to give specific OS details" means that the probes are contradictory or too broad. For example, in a NAT scenario, some port scans return the router information (e.g. Cisco IOS), while other probes return the real host specifications (e.g. Windows).

The best way to understand how the network is designed is to rely on your own judgment based on different probes and output.

IP ID sequence, fingerprint analysis and service detection (-sV) can help:

e.g. if 3389 is open, then the OS running is Windows.

e.g. if the IP ID sequence varies, then the target might be multiple hosts (load balanced).

Your analysis of the network traffic will always be more accurate than what nmap attempts to guess in an automated way.
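The answer's advice, weighing OS matches, open ports and the IP ID class together rather than trusting a single guess, as an added example that is not part of the original post. It parses the XML that `nmap -O -sV -oX -` emits; the sample XML below is constructed, and the hint rules (a tie between OS matches, port 3389 suggesting Windows, a non-incremental IP ID class suggesting several hosts) are this example's own heuristics, not nmap's.

```python
"""Combine several pieces of nmap evidence instead of trusting one OS guess."""
import xml.etree.ElementTree as ET

# Constructed sample of `nmap -O -sV -oX -` output (not a real scan result),
# trimmed to the elements this parser reads.
SAMPLE_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap">
  <host>
    <address addr="192.0.2.10" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="80"><state state="open"/><service name="http"/></port>
      <port protocol="tcp" portid="3389"><state state="open"/><service name="ms-wbt-server"/></port>
      <port protocol="tcp" portid="22"><state state="filtered"/></port>
    </ports>
    <os>
      <osmatch name="Cisco IOS 12.X" accuracy="90"/>
      <osmatch name="Microsoft Windows Server 2012" accuracy="90"/>
    </os>
    <ipidsequence class="Randomized" values="1A2B,9F01,3C44"/>
  </host>
</nmaprun>"""


def summarize_host(xml_text):
    """Return the evidence the answer says to weigh by hand, plus simple hints."""
    host = ET.fromstring(xml_text).find("host")
    open_ports = {}
    for p in host.findall("ports/port"):
        if p.find("state").get("state") == "open":
            svc = p.find("service")
            open_ports[int(p.get("portid"))] = svc.get("name") if svc is not None else ""
    matches = [(m.get("name"), int(m.get("accuracy"))) for m in host.findall("os/osmatch")]
    ipid = host.find("ipidsequence")
    ipid_class = ipid.get("class") if ipid is not None else None

    hints = []  # heuristic rules assumed for this example, not nmap's own logic
    if matches:
        best = max(a for _, a in matches)
        top = [n for n, a in matches if a == best]
        if len(top) > 1:  # equal-accuracy matches from different vendors: NAT/router mix?
            hints.append("OS matches tie (%s): probes may mix a NAT device and the host" % ", ".join(top))
    if 3389 in open_ports:  # RDP is a strong Windows indicator
        hints.append("3389/tcp open (%s): the host is likely Windows" % open_ports[3389])
    if ipid_class in ("Randomized", "Random positive increments"):
        hints.append("IP ID class '%s': target may be several hosts (load balanced)" % ipid_class)
    return {"open_ports": open_ports, "os_matches": matches,
            "ipid_class": ipid_class, "hints": hints}
```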