24/06/2002, 04:07
Re: Nmap scan types. Examples?
Here are two examples of operating system detection on two hosts at
my company, done in two different ways:
Method 1
C:\nmap1>nmap -sS -P0 -O -v 192.168.4.5
Starting nmap V. 2.54BETA35 ( www.insecure.org/nmap )
Host INFOGRAFIA5 (192.168.4.5) appears to be up ... good.
Initiating SYN Stealth Scan against INFOGRAFIA5 (192.168.4.5)
Adding open port 135/tcp
Adding open port 139/tcp
Adding open port 445/tcp
The SYN Stealth Scan took 0 seconds to scan 1558 ports.
For OSScan assuming that port 135 is open and port 1 is closed and neither are firewalled
Interesting ports on INFOGRAFIA5 (192.168.4.5):
(The 1555 ports scanned but not shown below are in state: closed)
Port State Service
135/tcp open loc-srv
139/tcp open netbios-ssn
445/tcp open microsoft-ds
Remote operating system guess: Windows Millennium Edition (Me), Win 2000, or Win XP
TCP Sequence Prediction: Class=random positive increments
Difficulty=15428 (Worthy challenge)
IPID Sequence Generation: Incremental
Nmap run completed -- 1 IP address (1 host up) scanned in 1 second
Method 2
C:\nmap1>nmap -sS -p 80 -O -v 192.168.4.7
Starting nmap V. 2.54BETA35 ( www.insecure.org/nmap )
Host INFOGRAFIA7 (192.168.4.7) appears to be up ... good.
Initiating SYN Stealth Scan against INFOGRAFIA7 (192.168.4.7)
The SYN Stealth Scan took 0 seconds to scan 1 ports.
Warning: OS detection will be MUCH less reliable because we did not
st 1 open and 1 closed TCP port
The 1 scanned port on INFOGRAFIA7 (192.168.4.7) is: closed
Too many fingerprints match this host for me to give an accurate OS
TCP/IP fingerprint:
SInfo(V=2.54BETA35%P=i686-pc-windows-windows%D=6/24%Time=3D16DB99%O=
T5(Resp=Y%DF=N%W=0%ACK=S++%Flags=AR%Ops=)
T6(Resp=Y%DF=N%W=0%ACK=O%Flags=R%Ops=)
T7(Resp=Y%DF=N%W=0%ACK=S++%Flags=AR%Ops=)
PU(Resp=Y%DF=N%TOS=0%IPLEN=38%RIPTL=148%RIPCK=E%UCK=E%ULEN=134%DAT=E
Nmap run completed....
Regards,
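
An added example, not part of the original post: a small Python parser for the TCP/IP fingerprint lines nmap printed in Method 2, which also reports which test groups are absent and so shows why nmap warned that it needs one open and one closed TCP port. The grouping of TSeq and T1-T4 as open-port tests and T5-T7 and PU as closed-port tests follows nmap's first-generation OS detection; the function names are hypothetical.

```python
import re

# Constructed sample modelled on the Method 2 fingerprint lines
# (the SInfo and PU lines are cut off in the post and stay cut off here).
SAMPLE = """\
SInfo(V=2.54BETA35%P=i686-pc-windows-windows%D=6/24%Time=3D16DB99%O=
T5(Resp=Y%DF=N%W=0%ACK=S++%Flags=AR%Ops=)
T6(Resp=Y%DF=N%W=0%ACK=O%Flags=R%Ops=)
T7(Resp=Y%DF=N%W=0%ACK=S++%Flags=AR%Ops=)
PU(Resp=Y%DF=N%TOS=0%IPLEN=38%RIPTL=148%RIPCK=E%UCK=E%ULEN=134%DAT=E
"""

# Kind of port each first-generation nmap OS test is sent to.
OPEN_PORT_TESTS = {"TSeq", "T1", "T2", "T3", "T4"}
CLOSED_PORT_TESTS = {"T5", "T6", "T7", "PU"}

# Name(k=v%k=v...) with the closing parenthesis optional, so that
# lines truncated by the console or the forum still parse.
LINE_RE = re.compile(r"^\s*(\w+)\((.*?)\)?\s*$")

def parse_fingerprint(text):
    """Return {test_name: {attribute: value}} for each fingerprint line."""
    tests = {}
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a fingerprint line (banner, warning, blank)
        name, body = m.groups()
        attrs = {}
        for pair in body.split("%"):
            key, sep, value = pair.partition("=")
            if sep:
                attrs[key.strip()] = value.strip()
        tests[name] = attrs
    return tests

def coverage(tests):
    """List the open-port and closed-port tests missing from a fingerprint."""
    present = set(tests)
    return {
        "open_port_missing": sorted(OPEN_PORT_TESTS - present),
        "closed_port_missing": sorted(CLOSED_PORT_TESTS - present),
    }

if __name__ == "__main__":
    parsed = parse_fingerprint(SAMPLE)
    print(parsed["T5"])
    print(coverage(parsed))
```
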