There are some advanced options provided by Nmap, apart from port scanning. These options can help us gain more information about our target. One of the most widely used options is operating system identification [-O]. This can help us in identifying the operating system running on the target machine.
An operating system detection scan output is shown as follows:
msf > nmap -O 192.168.216.129[*] exec: nmap -O 192.168.216.129Starting Nmap 7.60 ( https://nmap.org ) at 2017-10-19 09:28 EDTNmap scan report for 192.168.216.129Host is up (0.0012s latency).Not shown: 977 closed portsPORT STATE SERVICE21/tcp open ftp22/tcp open ssh23/tcp open telnet...Running: Linux 2.6.XOS CPE: cpe:/o:linux:linux_kernel:2.6 ...