1

I am new to this field. Currently I am using Linux OS, and my question is: how can I find the OS of another machine to which I do not have direct access?

I am interested in any possibilities which can lead me to this information.

Also I need to detect the OS precisely.

I used nmap -O before.

Ali Ahmad
Alex
  • 2
    Do research about OS footprinting. – Jeff Feb 20 '12 at 03:22
  • 2
    If that machine is a server, then you could try nmap on port 25 to check which mail server the machine is running. If it's Exchange, then it's surely a Windows machine; others might have Linux distros. – Vishwanath Dalvi Feb 20 '12 at 05:05

3 Answers

12

If you can send packets to the target machine, use nmap -O, which provides OS fingerprinting.

If you can eavesdrop/intercept network traffic with the target machine, use p0f, a tool for passive OS fingerprinting.

You didn't provide much information about what your constraints are or why the standard tools (like nmap or p0f) didn't work for you. Therefore, I'll provide some generic advice: I suggest you look into OS fingerprinting.

D.W.
5

Go through this article about remote OS footprinting: http://nmap.org/book/osdetect.html

3

It doesn't always work, but you can simply look at the headers that a webserver sends (notice the <=========<<<< below). None of the answers will get you 100% assurance, but combining methods will improve your results:

$ wget -SO /dev/null 'http://microsoft.com/'
--2012-12-31 15:27:27--  http://microsoft.com/
Resolving microsoft.com (microsoft.com)... 64.4.11.37, 65.55.58.201
Connecting to microsoft.com (microsoft.com)|64.4.11.37|:80... connected.
HTTP request sent, awaiting response... 
  HTTP/1.1 301 Moved Permanently
  Cache-Control: private
  Content-Length: 23
  Content-Type: text/html
  Location: http://www.microsoft.com
  Server: Microsoft-IIS/7.5 <=========<<<<
  Set-Cookie: ASPSESSIONIDSASTCBRC=LHFJPMCBKJFJNIBMEKIALFIC; path=/
  P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
  X-Powered-By: ASP.NET
  X-UA-Compatible: IE=EmulateIE7
  Date: Mon, 31 Dec 2012 14:27:29 GMT
  Connection: close

wget retrieves a document from a webserver. -S prints out the headers. -O /dev/null redirects output to /dev/null. In this case you're only interested in headers, not the document.

jippie
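The header check from the answer above, as an added example that is not part of the original post: it parses `wget -S` style output and combines several header hints into a weighted guess, returning "unknown" or "inconclusive" when the banner is missing or contradictory. The `HINTS` patterns, their weights and the function names are assumptions chosen for illustration.

```python
import re

# Constructed sample: header lines as printed by `wget -S` (two-space indent),
# abridged from the output shown in the answer above.
SAMPLE = """\
  HTTP/1.1 301 Moved Permanently
  Content-Type: text/html
  Server: Microsoft-IIS/7.5
  X-Powered-By: ASP.NET
  Connection: close
"""

# Assumed hint table (illustrative, not exhaustive): header, regex, family, weight.
# ASP.NET can also run on Linux, so framework headers only get a low weight.
HINTS = [
    ("server", r"microsoft-iis|microsoft-httpapi", "Windows", 3),
    ("server", r"\(win(32|64)\)", "Windows", 3),
    ("server", r"\((ubuntu|debian|centos|red hat|fedora|unix)\)", "Linux/Unix", 3),
    ("x-powered-by", r"asp\.net", "Windows", 1),
    ("x-aspnet-version", r".", "Windows", 1),
]

def parse_headers(text):
    """Return {lowercased name: [values]}; status and wget progress lines are skipped."""
    headers = {}
    for line in text.splitlines():
        name, sep, value = line.strip().partition(":")
        if not sep or " " in name:  # not a "Name: value" header line
            continue
        headers.setdefault(name.lower(), []).append(value.strip())
    return headers

def guess_os(text):
    """Return (family, score, evidence) from the combined header hints."""
    headers = parse_headers(text)
    scores, evidence = {}, []
    for name, pattern, family, weight in HINTS:
        for value in headers.get(name, []):
            if re.search(pattern, value, re.IGNORECASE):
                scores[family] = scores.get(family, 0) + weight
                evidence.append(f"{name}: {value}")
    if not scores:  # banner removed or generic (e.g. "Server: nginx")
        return ("unknown", 0, evidence)
    ranked = sorted(scores.items(), key=lambda kv: -kv[1])
    if len(ranked) > 1 and ranked[0][1] == ranked[1][1]:  # contradictory hints
        return ("inconclusive", ranked[0][1], evidence)
    return (ranked[0][0], ranked[0][1], evidence)
```

These headers are set by the server's administrator and may be removed or altered (for example by a reverse proxy), so the result is one signal to combine with the other methods mentioned on this page.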