====== Ubuntu - nmap - Scan OS information and Traceroute ======

Detect which OS and version is running on the remote host. 

To enable OS & version detection, script scanning and traceroute, we can use **-A** option with nmap.

<code bash>
nmap -A 192.168.1.100
</code>

result:

<code bash>
Starting Nmap 6.40 ( http://nmap.org ) at 2016-07-08 00:19 BST
Nmap scan report for peter-laptop-1 (192.168.1.69)
Host is up (0.00018s latency).
Not shown: 997 closed ports
PORT    STATE SERVICE     VERSION
80/tcp  open  http        nginx 1.4.6 (Ubuntu)
|_http-methods: No Allow or Public header in OPTIONS response (status code 405)
|_http-title: Site doesn't have a title (text/html).
139/tcp open  netbios-ssn Samba smbd 3.X (workgroup: PETER-LAPTOP-1)
445/tcp open  netbios-ssn Samba smbd 3.X (workgroup: PETER-LAPTOP-1)
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel

Host script results:
|_nbstat: NetBIOS name: PETER-LAPTOP-1, NetBIOS user: <unknown>, NetBIOS MAC: <unknown>
| smb-os-discovery: 
|   OS: Windows 6.1 (Samba 4.3.9-Ubuntu)
|   Computer name: peter-laptop-1
|   NetBIOS computer name: PETER-LAPTOP-1
|   Domain name: 
|   FQDN: peter-laptop-1
|_  System time: 2016-07-08T00:19:56+01:00
| smb-security-mode: 
|   Account that was used for smb scripts: guest
|   User-level authentication
|   SMB Security: Challenge/response passwords supported
|_  Message signing disabled (dangerous, but default)
|_smbv2-enabled: Server supports SMBv2 protocol

Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 11.40 seconds
</code>

----

===== Example of Unknown OS =====

<code bash>
Starting Nmap 6.40 ( http://nmap.org ) at 2016-07-08 00:06 BST
Nmap scan report for 192.168.1.100
Host is up (0.035s latency).
Not shown: 989 closed ports
PORT     STATE SERVICE     VERSION
80/tcp   open  http?
| http-methods: Potentially risky methods: PUT DELETE
|_See http://nmap.org/nsedoc/scripts/http-methods.html
|_http-title: Site doesn't have a title (text/html).
139/tcp  open  tcpwrapped
443/tcp  open  ssl/https?
| http-methods: Potentially risky methods: PUT DELETE
|_See http://nmap.org/nsedoc/scripts/http-methods.html
|_http-title: Site doesn't have a title (text/html).
| ssl-cert: Subject: commonName=Printer/organizationName=HP/stateOrProvinceName=Washington/countryName=US
| Not valid before: 2015-01-09T13:43:38+00:00
|_Not valid after:  2035-01-04T13:43:38+00:00
445/tcp  open  netbios-ssn
515/tcp  open  printer
631/tcp  open  ipp?
| http-methods: Potentially risky methods: PUT DELETE
|_See http://nmap.org/nsedoc/scripts/http-methods.html
6839/tcp open  tcpwrapped
7435/tcp open  tcpwrapped
8080/tcp open  http-proxy?
| http-methods: Potentially risky methods: PUT DELETE
|_See http://nmap.org/nsedoc/scripts/http-methods.html
|_http-title: Site doesn't have a title (text/html).
9100/tcp open  jetdirect?
9220/tcp open  unknown
4 services unrecognized despite returning data. If you know the service/version, please submit the following fingerprints at http://www.insecure.org/cgi-bin/servicefp-submit.cgi :
==============NEXT SERVICE FINGERPRINT (SUBMIT INDIVIDUALLY)==============
SF-Port80-TCP:V=6.40%I=7%D=7/8%Time=577EE09E%P=x86_64-pc-linux-gnu%r(GetRe
SF:quest,B3,"HTTP/1\.1\x20505\x20HTTP\x20Version\x20Not\x20Supported\r\nSe
SF:rver:\x20HP\x20HTTP\x20Server;\x20HP\x20HP\x20Officejet\x20Pro\x208620\
SF:x20-\x20A7F65A;\x20Serial\x20Number:\x20CN55FFK2QC;\x20Built:Fri\x20Nov
SF:\x2020,\x202015\x2011:46:43AM\x20{FDP1CN1547AR}\r\n\r\n")%r(HTTPOptions
SF:,B3,"HTTP/1\.1\x20505\x20HTTP\x20Version\x20Not\x20Supported\r\nServer:
SF:\x20HP\x20HTTP\x20Server;\x20HP\x20HP\x20Officejet\x20Pro\x208620\x20-\
SF:x20A7F65A;\x20Serial\x20Number:\x20CN55FFK2QC;\x20Built:Fri\x20Nov\x202
SF:0,\x202015\x2011:46:43AM\x20{FDP1CN1547AR}\r\n\r\n")%r(RTSPRequest,B7,"
SF:HTTP/1\.1\x20400\x20Bad\x20Request\r\nConnection:\x20close\r\nServer:\x
SF:20HP\x20HTTP\x20Server;\x20HP\x20HP\x20Officejet\x20Pro\x208620\x20-\x2
SF:0A7F65A;\x20Serial\x20Number:\x20CN55FFK2QC;\x20Built:Fri\x20Nov\x2020,
SF:\x202015\x2011:46:43AM\x20{FDP1CN1547AR}\r\n\r\n")%r(X11Probe,B7,"HTTP/
SF:1\.1\x20400\x20Bad\x20Request\r\nConnection:\x20close\r\nServer:\x20HP\
SF:x20HTTP\x20Server;\x20HP\x20HP\x20Officejet\x20Pro\x208620\x20-\x20A7F6
SF:5A;\x20Serial\x20Number:\x20CN55FFK2QC;\x20Built:Fri\x20Nov\x2020,\x202
SF:015\x2011:46:43AM\x20{FDP1CN1547AR}\r\n\r\n")%r(FourOhFourRequest,B3,"H
SF:TTP/1\.1\x20505\x20HTTP\x20Version\x20Not\x20Supported\r\nServer:\x20HP
SF:\x20HTTP\x20Server;\x20HP\x20HP\x20Officejet\x20Pro\x208620\x20-\x20A7F
SF:65A;\x20Serial\x20Number:\x20CN55FFK2QC;\x20Built:Fri\x20Nov\x2020,\x20
SF:2015\x2011:46:43AM\x20{FDP1CN1547AR}\r\n\r\n")%r(GenericLines,B7,"HTTP/
SF:1\.1\x20400\x20Bad\x20Request\r\nConnection:\x20close\r\nServer:\x20HP\
SF:x20HTTP\x20Server;\x20HP\x20HP\x20Officejet\x20Pro\x208620\x20-\x20A7F6
SF:5A;\x20Serial\x20Number:\x20CN55FFK2QC;\x20Built:Fri\x20Nov\x2020,\x202
SF:015\x2011:46:43AM\x20{FDP1CN1547AR}\r\n\r\n")%r(RPCCheck,B7,"HTTP/1\.1\
SF:x20400\x20Bad\x20Request\r\nConnection:\x20close\r\nServer:\x20HP\x20HT
SF:TP\x20Server;\x20HP\x20HP\x20Officejet\x20Pro\x208620\x20-\x20A7F65A;\x
SF:20Serial\x20Number:\x20CN55FFK2QC;\x20Built:Fri\x20Nov\x2020,\x202015\x
SF:2011:46:43AM\x20{FDP1CN1547AR}\r\n\r\n")%r(DNSVersionBindReq,B7,"HTTP/1
SF:\.1\x20400\x20Bad\x20Request\r\nConnection:\x20close\r\nServer:\x20HP\x
SF:20HTTP\x20Server;\x20HP\x20HP\x20Officejet\x20Pro\x208620\x20-\x20A7F65
SF:A;\x20Serial\x20Number:\x20CN55FFK2QC;\x20Built:Fri\x20Nov\x2020,\x2020
SF:15\x2011:46:43AM\x20{FDP1CN1547AR}\r\n\r\n");
==============NEXT SERVICE FINGERPRINT (SUBMIT INDIVIDUALLY)==============
SF-Port443-TCP:V=6.40%T=SSL%I=7%D=7/8%Time=577EE0A5%P=x86_64-pc-linux-gnu%
SF:r(GetRequest,B3,"HTTP/1\.1\x20505\x20HTTP\x20Version\x20Not\x20Supporte
SF:d\r\nServer:\x20HP\x20HTTP\x20Server;\x20HP\x20HP\x20Officejet\x20Pro\x
SF:208620\x20-\x20A7F65A;\x20Serial\x20Number:\x20CN55FFK2QC;\x20Built:Fri
SF:\x20Nov\x2020,\x202015\x2011:46:43AM\x20{FDP1CN1547AR}\r\n\r\n")%r(Gene
SF:ricLines,B7,"HTTP/1\.1\x20400\x20Bad\x20Request\r\nConnection:\x20close
SF:\r\nServer:\x20HP\x20HTTP\x20Server;\x20HP\x20HP\x20Officejet\x20Pro\x2
SF:08620\x20-\x20A7F65A;\x20Serial\x20Number:\x20CN55FFK2QC;\x20Built:Fri\
SF:x20Nov\x2020,\x202015\x2011:46:43AM\x20{FDP1CN1547AR}\r\n\r\n")%r(HTTPO
SF:ptions,B3,"HTTP/1\.1\x20505\x20HTTP\x20Version\x20Not\x20Supported\r\nS
SF:erver:\x20HP\x20HTTP\x20Server;\x20HP\x20HP\x20Officejet\x20Pro\x208620
SF:\x20-\x20A7F65A;\x20Serial\x20Number:\x20CN55FFK2QC;\x20Built:Fri\x20No
SF:v\x2020,\x202015\x2011:46:43AM\x20{FDP1CN1547AR}\r\n\r\n")%r(RTSPReques
SF:t,B7,"HTTP/1\.1\x20400\x20Bad\x20Request\r\nConnection:\x20close\r\nSer
SF:ver:\x20HP\x20HTTP\x20Server;\x20HP\x20HP\x20Officejet\x20Pro\x208620\x
SF:20-\x20A7F65A;\x20Serial\x20Number:\x20CN55FFK2QC;\x20Built:Fri\x20Nov\
SF:x2020,\x202015\x2011:46:43AM\x20{FDP1CN1547AR}\r\n\r\n")%r(RPCCheck,B7,
SF:"HTTP/1\.1\x20400\x20Bad\x20Request\r\nConnection:\x20close\r\nServer:\
SF:x20HP\x20HTTP\x20Server;\x20HP\x20HP\x20Officejet\x20Pro\x208620\x20-\x
SF:20A7F65A;\x20Serial\x20Number:\x20CN55FFK2QC;\x20Built:Fri\x20Nov\x2020
SF:,\x202015\x2011:46:43AM\x20{FDP1CN1547AR}\r\n\r\n")%r(DNSVersionBindReq
SF:,B7,"HTTP/1\.1\x20400\x20Bad\x20Request\r\nConnection:\x20close\r\nServ
SF:er:\x20HP\x20HTTP\x20Server;\x20HP\x20HP\x20Officejet\x20Pro\x208620\x2
SF:0-\x20A7F65A;\x20Serial\x20Number:\x20CN55FFK2QC;\x20Built:Fri\x20Nov\x
SF:2020,\x202015\x2011:46:43AM\x20{FDP1CN1547AR}\r\n\r\n")%r(DNSStatusRequ
SF:est,B7,"HTTP/1\.1\x20400\x20Bad\x20Request\r\nConnection:\x20close\r\nS
SF:erver:\x20HP\x20HTTP\x20Server;\x20HP\x20HP\x20Officejet\x20Pro\x208620
SF:\x20-\x20A7F65A;\x20Serial\x20Number:\x20CN55FFK2QC;\x20Built:Fri\x20No
SF:v\x2020,\x202015\x2011:46:43AM\x20{FDP1CN1547AR}\r\n\r\n")%r(Help,B7,"H
SF:TTP/1\.1\x20400\x20Bad\x20Request\r\nConnection:\x20close\r\nServer:\x2
SF:0HP\x20HTTP\x20Server;\x20HP\x20HP\x20Officejet\x20Pro\x208620\x20-\x20
SF:A7F65A;\x20Serial\x20Number:\x20CN55FFK2QC;\x20Built:Fri\x20Nov\x2020,\
SF:x202015\x2011:46:43AM\x20{FDP1CN1547AR}\r\n\r\n");
==============NEXT SERVICE FINGERPRINT (SUBMIT INDIVIDUALLY)==============
SF-Port631-TCP:V=6.40%I=7%D=7/8%Time=577EE09E%P=x86_64-pc-linux-gnu%r(GetR
SF:equest,B3,"HTTP/1\.1\x20505\x20HTTP\x20Version\x20Not\x20Supported\r\nS
SF:erver:\x20HP\x20HTTP\x20Server;\x20HP\x20HP\x20Officejet\x20Pro\x208620
SF:\x20-\x20A7F65A;\x20Serial\x20Number:\x20CN55FFK2QC;\x20Built:Fri\x20No
SF:v\x2020,\x202015\x2011:46:43AM\x20{FDP1CN1547AR}\r\n\r\n")%r(HTTPOption
SF:s,B3,"HTTP/1\.1\x20505\x20HTTP\x20Version\x20Not\x20Supported\r\nServer
SF::\x20HP\x20HTTP\x20Server;\x20HP\x20HP\x20Officejet\x20Pro\x208620\x20-
SF:\x20A7F65A;\x20Serial\x20Number:\x20CN55FFK2QC;\x20Built:Fri\x20Nov\x20
SF:20,\x202015\x2011:46:43AM\x20{FDP1CN1547AR}\r\n\r\n")%r(GenericLines,B7
SF:,"HTTP/1\.1\x20400\x20Bad\x20Request\r\nConnection:\x20close\r\nServer:
SF:\x20HP\x20HTTP\x20Server;\x20HP\x20HP\x20Officejet\x20Pro\x208620\x20-\
SF:x20A7F65A;\x20Serial\x20Number:\x20CN55FFK2QC;\x20Built:Fri\x20Nov\x202
SF:0,\x202015\x2011:46:43AM\x20{FDP1CN1547AR}\r\n\r\n")%r(RTSPRequest,B7,"
SF:HTTP/1\.1\x20400\x20Bad\x20Request\r\nConnection:\x20close\r\nServer:\x
SF:20HP\x20HTTP\x20Server;\x20HP\x20HP\x20Officejet\x20Pro\x208620\x20-\x2
SF:0A7F65A;\x20Serial\x20Number:\x20CN55FFK2QC;\x20Built:Fri\x20Nov\x2020,
SF:\x202015\x2011:46:43AM\x20{FDP1CN1547AR}\r\n\r\n")%r(RPCCheck,B7,"HTTP/
SF:1\.1\x20400\x20Bad\x20Request\r\nConnection:\x20close\r\nServer:\x20HP\
SF:x20HTTP\x20Server;\x20HP\x20HP\x20Officejet\x20Pro\x208620\x20-\x20A7F6
SF:5A;\x20Serial\x20Number:\x20CN55FFK2QC;\x20Built:Fri\x20Nov\x2020,\x202
SF:015\x2011:46:43AM\x20{FDP1CN1547AR}\r\n\r\n")%r(DNSVersionBindReq,B7,"H
SF:TTP/1\.1\x20400\x20Bad\x20Request\r\nConnection:\x20close\r\nServer:\x2
SF:0HP\x20HTTP\x20Server;\x20HP\x20HP\x20Officejet\x20Pro\x208620\x20-\x20
SF:A7F65A;\x20Serial\x20Number:\x20CN55FFK2QC;\x20Built:Fri\x20Nov\x2020,\
SF:x202015\x2011:46:43AM\x20{FDP1CN1547AR}\r\n\r\n")%r(DNSStatusRequest,B7
SF:,"HTTP/1\.1\x20400\x20Bad\x20Request\r\nConnection:\x20close\r\nServer:
SF:\x20HP\x20HTTP\x20Server;\x20HP\x20HP\x20Officejet\x20Pro\x208620\x20-\
SF:x20A7F65A;\x20Serial\x20Number:\x20CN55FFK2QC;\x20Built:Fri\x20Nov\x202
SF:0,\x202015\x2011:46:43AM\x20{FDP1CN1547AR}\r\n\r\n")%r(Help,B7,"HTTP/1\
SF:.1\x20400\x20Bad\x20Request\r\nConnection:\x20close\r\nServer:\x20HP\x2
SF:0HTTP\x20Server;\x20HP\x20HP\x20Officejet\x20Pro\x208620\x20-\x20A7F65A
SF:;\x20Serial\x20Number:\x20CN55FFK2QC;\x20Built:Fri\x20Nov\x2020,\x20201
SF:5\x2011:46:43AM\x20{FDP1CN1547AR}\r\n\r\n");
==============NEXT SERVICE FINGERPRINT (SUBMIT INDIVIDUALLY)==============
SF-Port8080-TCP:V=6.40%I=7%D=7/8%Time=577EE09E%P=x86_64-pc-linux-gnu%r(Get
SF:Request,B3,"HTTP/1\.1\x20505\x20HTTP\x20Version\x20Not\x20Supported\r\n
SF:Server:\x20HP\x20HTTP\x20Server;\x20HP\x20HP\x20Officejet\x20Pro\x20862
SF:0\x20-\x20A7F65A;\x20Serial\x20Number:\x20CN55FFK2QC;\x20Built:Fri\x20N
SF:ov\x2020,\x202015\x2011:46:43AM\x20{FDP1CN1547AR}\r\n\r\n")%r(HTTPOptio
SF:ns,B3,"HTTP/1\.1\x20505\x20HTTP\x20Version\x20Not\x20Supported\r\nServe
SF:r:\x20HP\x20HTTP\x20Server;\x20HP\x20HP\x20Officejet\x20Pro\x208620\x20
SF:-\x20A7F65A;\x20Serial\x20Number:\x20CN55FFK2QC;\x20Built:Fri\x20Nov\x2
SF:020,\x202015\x2011:46:43AM\x20{FDP1CN1547AR}\r\n\r\n")%r(RTSPRequest,B7
SF:,"HTTP/1\.1\x20400\x20Bad\x20Request\r\nConnection:\x20close\r\nServer:
SF:\x20HP\x20HTTP\x20Server;\x20HP\x20HP\x20Officejet\x20Pro\x208620\x20-\
SF:x20A7F65A;\x20Serial\x20Number:\x20CN55FFK2QC;\x20Built:Fri\x20Nov\x202
SF:0,\x202015\x2011:46:43AM\x20{FDP1CN1547AR}\r\n\r\n")%r(FourOhFourReques
SF:t,B3,"HTTP/1\.1\x20505\x20HTTP\x20Version\x20Not\x20Supported\r\nServer
SF::\x20HP\x20HTTP\x20Server;\x20HP\x20HP\x20Officejet\x20Pro\x208620\x20-
SF:\x20A7F65A;\x20Serial\x20Number:\x20CN55FFK2QC;\x20Built:Fri\x20Nov\x20
SF:20,\x202015\x2011:46:43AM\x20{FDP1CN1547AR}\r\n\r\n")%r(Socks5,B3,"HTTP
SF:/1\.1\x20505\x20HTTP\x20Version\x20Not\x20Supported\r\nServer:\x20HP\x2
SF:0HTTP\x20Server;\x20HP\x20HP\x20Officejet\x20Pro\x208620\x20-\x20A7F65A
SF:;\x20Serial\x20Number:\x20CN55FFK2QC;\x20Built:Fri\x20Nov\x2020,\x20201
SF:5\x2011:46:43AM\x20{FDP1CN1547AR}\r\n\r\n")%r(Socks4,B7,"HTTP/1\.1\x204
SF:00\x20Bad\x20Request\r\nConnection:\x20close\r\nServer:\x20HP\x20HTTP\x
SF:20Server;\x20HP\x20HP\x20Officejet\x20Pro\x208620\x20-\x20A7F65A;\x20Se
SF:rial\x20Number:\x20CN55FFK2QC;\x20Built:Fri\x20Nov\x2020,\x202015\x2011
SF::46:43AM\x20{FDP1CN1547AR}\r\n\r\n")%r(GenericLines,B7,"HTTP/1\.1\x2040
SF:0\x20Bad\x20Request\r\nConnection:\x20close\r\nServer:\x20HP\x20HTTP\x2
SF:0Server;\x20HP\x20HP\x20Officejet\x20Pro\x208620\x20-\x20A7F65A;\x20Ser
SF:ial\x20Number:\x20CN55FFK2QC;\x20Built:Fri\x20Nov\x2020,\x202015\x2011:
SF:46:43AM\x20{FDP1CN1547AR}\r\n\r\n")%r(RPCCheck,B7,"HTTP/1\.1\x20400\x20
SF:Bad\x20Request\r\nConnection:\x20close\r\nServer:\x20HP\x20HTTP\x20Serv
SF:er;\x20HP\x20HP\x20Officejet\x20Pro\x208620\x20-\x20A7F65A;\x20Serial\x
SF:20Number:\x20CN55FFK2QC;\x20Built:Fri\x20Nov\x2020,\x202015\x2011:46:43
SF:AM\x20{FDP1CN1547AR}\r\n\r\n");

Host script results:
|_nbstat: NetBIOS name: HP3863BB75D414, NetBIOS user: <unknown>, NetBIOS MAC: <unknown>
| smb-os-discovery: 
|   OS: VxWorks (NQ 4.32)
|   NetBIOS computer name: 
|   Workgroup: 
|_  System time: 2016-07-08T00:15:24+00:00
| smb-security-mode: 
|   Account that was used for smb scripts: guest
|   User-level authentication
|   SMB Security: Challenge/response passwords supported
|_  Message signing disabled (dangerous, but default)
|_smbv2-enabled: Server doesn't support SMBv2 protocol

Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 225.80 seconds
</code>