OS detection is another important part of Nmap: once you know which operating system the target runs, you can narrow the search for applicable exploits and your reconnaissance becomes more refined. Nmap's OS detection sends its probes in five phases (the original text named only the first three; the last two are from Nmap's own OS-detection documentation):
- Sequence Generation (SEQ, OPS, WIN and T1 probes)
- ICMP Echo (IE)
- TCP Explicit Congestion Notification (ECN)
- TCP (T2 to T7)
- UDP (U1)
Nmap sends crafted packets to the target in each of these phases, records how the target's TCP/IP stack responds, and compares the resulting fingerprint against its nmap-os-db database to decide which OS is running. Two practical caveats: -O needs raw-socket access, so run it as root, and Nmap needs at least one open and one closed TCP port on the target to produce a reliable fingerprint (without a closed port the result is a guess, and Nmap says so). Doing an OS scan:
sudo nmap -O 192.168.0.104
Version Detection is another important aspect of Nmap: knowing not just that a port is open but which software and version is listening on it lets you look up exploits for that exact service instead of guessing from the port number.
Version Detection can be enabled using the commands below:
- -A (aggressive scan) This enables version detection (-sV) and, in addition, OS detection (-O), the default NSE script scan (-sC) and traceroute. It is more verbose and usually more helpful than -sV alone, but it takes a lot longer and is far noisier on the wire. Because it includes -O it needs root.
sudo nmap -A 192.168.0.104
- -sV (Version Detection) This enables only version detection: Nmap connects to each open port, sends service probes and matches the banner against nmap-service-probes to report product and version. Probing effort can be tuned with --version-intensity 0-9 (default 7); a port whose name Nmap reports from its port table rather than from a probe response has not really been fingerprinted.
nmap -sV 192.168.0.104
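Both scans are only useful if you read the result carefully: an OS match with less than 100% accuracy is a ranked guess, and a service whose name came from Nmap's port table rather than from a probe response has not actually been version-detected. The following Python script is an added example, not part of the original page or of Nmap itself. It parses the XML that `nmap -A -oX scan.xml <target>` writes (the `-oX` format is real; the embedded document is a constructed sample, not a capture of a real host) and pulls out exactly the checks a practitioner wants: the best OS match, whether Nmap had both an open and a closed port for the fingerprint, which ports carry a real product/version banner, and which ones were only named from the port table.

```python
import xml.etree.ElementTree as ET

# Constructed sample of `nmap -A -oX` output. Element and attribute names follow
# Nmap's XML output format; the host, ports and versions are made up for the example.
SAMPLE_NMAP_XML = """<?xml version="1.0" encoding="UTF-8"?>
<nmaprun scanner="nmap" args="nmap -A -oX scan.xml 192.168.0.104" version="7.94">
  <host>
    <status state="up" reason="arp-response"/>
    <address addr="192.168.0.104" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22">
        <state state="open" reason="syn-ack"/>
        <service name="ssh" product="OpenSSH" version="8.2p1" extrainfo="protocol 2.0" method="probed" conf="10"/>
      </port>
      <port protocol="tcp" portid="80">
        <state state="open" reason="syn-ack"/>
        <service name="http" product="Apache httpd" version="2.4.41" method="probed" conf="10"/>
      </port>
      <port protocol="tcp" portid="445">
        <state state="open" reason="syn-ack"/>
        <service name="microsoft-ds" method="table" conf="3"/>
      </port>
    </ports>
    <os>
      <portused state="open" proto="tcp" portid="22"/>
      <portused state="closed" proto="tcp" portid="1"/>
      <osmatch name="Linux 4.15 - 5.6" accuracy="95" line="0">
        <osclass type="general purpose" vendor="Linux" osfamily="Linux" osgen="4.X" accuracy="95">
          <cpe>cpe:/o:linux:linux_kernel:4</cpe>
        </osclass>
      </osmatch>
      <osmatch name="Linux 5.0 - 5.4" accuracy="93" line="0"/>
    </os>
  </host>
</nmaprun>
"""


def parse_hosts(xml_text):
    """Return one dict per <host>: IPv4 address, OS matches, ports used for the
    fingerprint, and service details for every open port."""
    root = ET.fromstring(xml_text)
    hosts = []
    for host in root.findall("host"):
        addr_el = host.find("address[@addrtype='ipv4']")
        entry = {
            "address": addr_el.get("addr") if addr_el is not None else None,
            "os_matches": [],      # list of (name, accuracy percent)
            "os_ports_used": set(),  # port states Nmap had available: "open"/"closed"
            "services": [],
        }
        os_el = host.find("os")
        if os_el is not None:
            for pu in os_el.findall("portused"):
                entry["os_ports_used"].add(pu.get("state"))
            for m in os_el.findall("osmatch"):
                entry["os_matches"].append((m.get("name"), int(m.get("accuracy"))))
        for port in host.findall("ports/port"):
            state = port.find("state")
            if state is None or state.get("state") != "open":
                continue  # only open ports get a service probe
            svc = port.find("service")
            get = (lambda k: svc.get(k)) if svc is not None else (lambda k: None)
            entry["services"].append({
                "port": int(port.get("portid")),
                "proto": port.get("protocol"),
                "name": get("name"),
                "product": get("product"),
                "version": get("version"),
                "method": get("method"),  # "probed" = real -sV result, "table" = port-number guess
                "conf": int(get("conf") or 0),
            })
        hosts.append(entry)
    return hosts


def best_os_match(host):
    """Highest-accuracy <osmatch>, or None when -O produced nothing."""
    return max(host["os_matches"], key=lambda m: m[1]) if host["os_matches"] else None


def os_fingerprint_is_reliable(host):
    """Nmap wants one open and one closed TCP port; <portused> records what it found."""
    return {"open", "closed"} <= host["os_ports_used"]


def version_banners(host):
    """port -> 'product version' for every port -sV actually identified."""
    return {s["port"]: f'{s["product"]} {s["version"] or ""}'.strip()
            for s in host["services"] if s["product"]}


def unfingerprinted_ports(host):
    """Open ports whose service name is only a table lookup, not a probe match."""
    return [s["port"] for s in host["services"] if s["method"] != "probed"]


if __name__ == "__main__":
    for h in parse_hosts(SAMPLE_NMAP_XML):
        print(h["address"], "OS:", best_os_match(h),
              "(reliable)" if os_fingerprint_is_reliable(h) else "(guess)")
        for port, banner in version_banners(h).items():
            print(f"  {port}/tcp  {banner}")
        print("  no version info on:", unfingerprinted_ports(h))
```

The `method` attribute is the key check: Nmap sets it to `probed` when a version probe matched and to `table` when it only looked the port number up in nmap-services, so a port reported as `microsoft-ds` with `method="table"` tells you nothing about what is really listening there. Likewise, an `osmatch` below 100% accuracy should be treated as a ranked hypothesis, not a fact, especially when `<portused>` shows no closed port was available.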