What does the -O switch do and what are its typical limitations?

Unlock all questions

This demo includes only 20 questions. Upgrade to access hundreds of questions, flashcards, exam simulations, and disable ads.

Full question bankExam simulationsFlashcards
From $25.99Unlock all

Prepare for the Nmap and ZenMap Tests. Access flashcards and multiple choice questions, with hints and explanations for each question. Ensure success in your exam!

Multiple Choice

What does the -O switch do and what are its typical limitations?

Explanation:
OS detection is what the -O switch does. It activates fingerprinting of the target’s TCP/IP stack by sending a set of crafted probes and analyzing how the host responds to each. By comparing those responses to a database of known stack characteristics, Nmap can guess the operating system (and sometimes the version). This tends to require privileged access because it uses raw packets and low-level network probing that aren’t available to unprivileged users on many systems. The method has typical limitations: if the path includes firewalls, NAT, or IDS, the probes may be blocked or altered, making the results unreliable or inconclusive; NAT can make it look like the gateway is responding rather than the actual host, muddying the identification; some hosts or networks suppress or rate-limit probes, reducing data and accuracy; and fingerprinting accuracy can vary across devices, especially with modern or hardened systems and virtualized environments.

OS detection is what the -O switch does. It activates fingerprinting of the target’s TCP/IP stack by sending a set of crafted probes and analyzing how the host responds to each. By comparing those responses to a database of known stack characteristics, Nmap can guess the operating system (and sometimes the version).

This tends to require privileged access because it uses raw packets and low-level network probing that aren’t available to unprivileged users on many systems. The method has typical limitations: if the path includes firewalls, NAT, or IDS, the probes may be blocked or altered, making the results unreliable or inconclusive; NAT can make it look like the gateway is responding rather than the actual host, muddying the identification; some hosts or networks suppress or rate-limit probes, reducing data and accuracy; and fingerprinting accuracy can vary across devices, especially with modern or hardened systems and virtualized environments.

More Multiple Choice Questions
Subscribe

Get the latest from Passetra

You can unsubscribe at any time. Read our privacy policy