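TTL-based identification
TTL (time to live): this field specifies the maximum number of network segments an IP packet may pass through before a router discards it. Different types of operating system use different TTL values.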
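The following is an added example, not part of the original page: it reads the TTL out of ping replies, rounds it up to the nearest usual initial value, and reports the hop distance and a likely OS family. The 64/128/255 defaults are commonly cited values assumed here (the page does not list them), the function names are hypothetical, and the ping lines are constructed sample data.

```python
import re

# Commonly cited initial TTLs (assumption: not listed on the page). They are
# configurable per host, so the result is a hint, not proof.
DEFAULT_TTLS = {
    64: "Linux/Unix/macOS",
    128: "Windows",
    255: "network device or Solaris-style stack",
}

# Matches Linux ("... from 1.2.3.4: icmp_seq=1 ttl=64 ...") and
# Windows ("Reply from 1.2.3.4: bytes=32 time<1ms TTL=128") replies, IPv4 only.
TTL_RE = re.compile(r"from\s+(?P<host>[\d.]+):?\s.*?\bttl=(?P<ttl>\d+)", re.IGNORECASE)

# Constructed sample output (documentation addresses, not real hosts).
SAMPLE_PING = """\
64 bytes from 192.0.2.10: icmp_seq=1 ttl=64 time=0.41 ms
Reply from 192.0.2.20: bytes=32 time<1ms TTL=128
64 bytes from 192.0.2.30: icmp_seq=1 ttl=117 time=23.8 ms
64 bytes from 192.0.2.40: icmp_seq=1 ttl=252 time=5.10 ms
Request timed out.
"""


def guess_from_ttl(observed):
    """Return (initial_ttl, hops, family) for an observed TTL value."""
    if not 1 <= observed <= 255:
        raise ValueError("TTL must be in 1..255")
    # Each router decrements TTL by one, so the sender's initial value is
    # taken as the smallest usual default that is >= the observed value.
    initial = min(t for t in DEFAULT_TTLS if t >= observed)
    return initial, initial - observed, DEFAULT_TTLS[initial]


def parse_ping(text):
    """Extract (host, observed_ttl) pairs; lines without a TTL are skipped."""
    matches = (TTL_RE.search(line) for line in text.splitlines())
    return [(m["host"], int(m["ttl"])) for m in matches if m]


if __name__ == "__main__":
    for host, ttl in parse_ping(SAMPLE_PING):
        initial, hops, family = guess_from_ttl(ttl)
        print(f"{host}: ttl={ttl} initial={initial} hops={hops} -> {family}")
```
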
nmap:
nmap -O [target]
root@kali:~# nmap -O 192.168.29.136
Starting Nmap 7.70 ( https://nmap.org ) at 2019-04-10 16:09 CST
Nmap scan report for 192.168.29.136 (192.168.29.136)
Host is up (0.00038s latency).
Not shown: 989 closed ports
PORT STATE SERVICE
21/tcp open ftp
22/tcp open ssh
80/tcp open http
135/tcp open msrpc
139/tcp open netbios-ssn
443/tcp open