Wykonuję poniższe polecenie:
nmap -O -v 192.168.1.10
wynikiem działania polecenia jest:
Starting Nmap 6.00 ( http://nmap.org ) at 2015-08-19 19:47 EDT Initiating ARP Ping Scan at 19:47 Scanning 192.168.1.10 [1 port] Completed ARP Ping Scan at 19:47, 0.10s elapsed (1 total hosts) Initiating Parallel DNS resolution of 1 host. at 19:47 Completed Parallel DNS resolution of 1 host. at 19:47, 0.01s elapsed Initiating SYN Stealth Scan at 19:47 Scanning 192.168.1.10 [1000 ports] Discovered open port 139/tcp on 192.168.1.10 Discovered open port 445/tcp on 192.168.1.10 Completed SYN Stealth Scan at 19:47, 0.60s elapsed (1000 total ports) Initiating OS detection (try #1) against 192.168.1.10 Retrying OS detection (try #2) against 192.168.1.10 Retrying OS detection (try #3) against 192.168.1.10 Retrying OS detection (try #4) against 192.168.1.10 Retrying OS detection (try #5) against 192.168.1.10 Nmap scan report for 192.168.1.10 Host is up (0.011s latency). Not shown: 998 closed ports PORT STATE SERVICE 139/tcp open netbios-ssn 445/tcp open microsoft-ds MAC Address: 94:39:E5:BF:0D:3B (Hon Hai Precision Ind. Co.) No exact OS matches for host (If you know what OS is running on it, see http://nmap.org/submit/ ). TCP/IP fingerprint: OS:SCAN(V=6.00%E=4%D=8/19%OT=139%CT=1%CU=34600%PV=Y%DS=1%DC=D%G=Y%M=9439E5% OS:TM=55D515A5%P=armv7l-unknown-linux-gnueabi)SEQ(SP=107%GCD=1%ISR=103%TI=Z OS:%CI=I%II=I%TS=8)OPS(O1=M5B4ST11NW7%O2=M5B4ST11NW7%O3=M5B4NNT11NW7%O4=M5B OS:4ST11NW7%O5=M5B4ST11NW7%O6=M5B4ST11)WIN(W1=7120%W2=7120%W3=7120%W4=7120% OS:W5=7120%W6=7120)ECN(R=Y%DF=Y%T=41%W=7210%O=M5B4NNSNW7%CC=Y%Q=)T1(R=Y%DF= OS:Y%T=41%S=O%A=S+%F=AS%RD=0%Q=)T2(R=N)T3(R=N)T4(R=Y%DF=Y%T=41%W=0%S=A%A=Z% OS:F=R%O=%RD=0%Q=)T5(R=Y%DF=Y%T=41%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)T6(R=Y%DF=Y OS:%T=41%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)T7(R=Y%DF=Y%T=41%W=0%S=Z%A=S+%F=AR%O=%R OS:D=0%Q=)U1(R=Y%DF=N%T=41%IPL=164%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUD=G)I OS:E(R=Y%DFI=N%T=41%CD=S) Uptime guess: 1.485 days (since Tue Aug 18 08:09:06 2015) Network Distance: 1 hop TCP Sequence Prediction: Difficulty=263 (Good luck!) IP ID Sequence Generation: All zeros Read data files from: /usr/bin/../share/nmap OS detection performed. Please report any incorrect results at http://nmap.org/submit/ . Nmap done: 1 IP address (1 host up) scanned in 32.14 seconds Raw packets sent: 1111 (52.918KB) | Rcvd: 1078 (46.650KB)
Dodam że nie mam wyłączony firewall.
Jak w powyższym przypadku można wykryć zdalnie system operacyjny na maszynie? Pytanie jest czysto edukacyjne, jako że jestem administratorem sieci i wszystkie urządzenia są pod moją opieką.