Skip to main content


OS versioning can be very useful for several reasons, such as: network inventory, support/patching, discover unauthorized devices, etc...

OS Detection is enabled with the option "-O", and it better works if on the system there is at least one closed and one opened port, a useful option with this, can be to add the "-v" to be verbose. Other useful options related to OS detection are:

  • --osscan-limit #this will disable OS detection if no at least one closed and one opened ports are found, so we'll speed up the whole scan process of nmap
  • --osscan-guess, --fuzzy #these options tell nmap to be more aggressive when trying to retrieve the operating system
  • --max-os-tries num #this sets the maximum number of attempts done by nmap to identify the OS (default=5)

So let's say we have identified an opened and a closed port, which are respectively the open port 80 and the closed port 81, now to make a fast OS detection exploit the knowledge of these ports and do a:

 nmap -O -v -p 80,81
 # we added even the "-v" to be verbose, and gather more
 # information from the output