• We had to restore from a backup today after a failed software update. Backup was from 0000 EDT and restored it at 0800 EDT so we lost about 8hrs. Today is 07/20/2024. More info here.

Detect OS in every subnet


New Member
Nov 6, 2018
Reaction score
Hi all, I am a newbie in linux and tried to use command to check the server OS including windows and linux subnet by subnet, command below
nmap -O -F 172.xx.xx.* | grep "Running:"
nmap -O -p22 172.xx.xx.* | grep "Running:"

However, the result only show the OS without its IP, is their any solution that can grep both IP and OS. Moreover, is it possible to scan the whole network but not only subnet. And is there any solution more accurate?

Many thanks!

First, you'd need to understand the command you're running..

breaking it down...

nmap (network tool)
-O (OS detection)
-F (Fast mode)
172.x.x.* (the network you're scanning)
| (a pipe)
grep (search for a string in the results)
"Running" (the string you're searching for)

Knowing this, you can figure out that you're hiding the IP from yourself by grepping for only the word 'Running'.

Run it w/o the grep at the end and you'll get something like this:

Nmap scan report for Chromecast-Audio.blahblahblah.com (
Host is up (0.0053s latency).
Not shown: 97 closed ports
8008/tcp open  http
8009/tcp open  ajp13
8443/tcp open  https-alt
MAC Address: 54:60:09:E6:D7:30 (Google)
Device type: general purpose
Running: Linux 2.6.X|3.X
OS CPE: cpe:/o:linux:linux_kernel:2.6 cpe:/o:linux:linux_kernel:3
OS details: Linux 2.6.32 - 3.10
Network Distance: 1 hop

Here, you'll see that if you grep also for a word in that top line.. or the IP you'll get all your info..

root@kali-arm64:~# nmap -O -F 192.168.2.*| grep 'scan report\|Runn'
Nmap scan report for u1 (
Running: Linux 3.X|4.X
Nmap scan report for cc (
Running: Linux 2.6.X|3.X
Nmap scan report for ctc-ilo (
Running: HP iLO 4.X
Nmap scan report for ctc (
Running: Linux 3.X|4.X
Nmap scan report for
Nmap scan report for Chromecast-Audio.blahblahblah.com (
Running: Linux 2.6.X|3.X

Further, if you use -A instead of -O, you'll not only get OS detection, but also version detection, script scanning, and traceroute results.. giving you more info.. and giving you more to grep for.

Thanks Rob! Finally get what I want.

Nmap -O -p T:22,25,139 172.16.xx.* | awk '/report for|Running:/'
And the desired output comes. Cheers!
And may I have few more questions that I'm trying to using port 22,25,139 instead of -F to search and the outcome is fast but not stable. For example, I find 30 hosts at the first time and 32 the second. And I keep trying and find that there is deviation sometimes. Or it's about the network problem or not about the chosen port? I also tried -F and it's worse.
Besides, is it possible to ping all subnets by one command instead of by ip range?

So many thanks.

Members online