At this point of the information gathering process, we should now have documented a list of IP addresses, active machines, and open ports identified from the target organization. The next step in the process is determining the running operating system of the active machines in order to know the type of systems we're pentesting.
A Wireshark capture file is needed in order to complete step 2 of this recipe.
Let's begin the process of OS fingerprinting from a terminal window:
-Ooption to enable the OS detection feature:
nmap -O 192.168.56.102
p0f -s /tmp/targethost.pcap -o p0f-result.log -l p0f ...