I'm trying to do some Nmap OS detection and I'm running into some results I don't understand.
The scan I'm running is the following:
nmap -O -F -v -T2 -oA nmap-uphosts-OSdetect -iL < my_in_file
I've got -F in there to limit the number of ports because the scan of 40 hosts was taking really long with the default 1000 ports. The -T2 because there seemed to be some IDS / rate limiting / reactive firewall type defenses when running it at full speed.
When my scan completes pretty much every single host has the following message in the results:
No exact OS matches for host (test conditions non-ideal)
This occurs even on hosts with multiple open & closed ports, as required for OS detection.
It's worth noting that all of the hosts are VMWare VMs. I'm not sure if this results in a fingerprint that Nmap has a little more trouble digesting.
Does anyone have any insight on what might be the cause & how I can determine specifically which test conditions are non-ideal to try and get more conclusive results? As it is all the hosts list several possible OSes without a conclusive ID.
Thanks!
EDIT - To clarify this is a lab / learning environment. I have permission to run the scans.