cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
624
Views
0
Helpful
4
Replies

Mac-OS NMAP scan returns most OS ass Yosemite

Josh Morris
Level 3
Level 3

I have a bunch of Mac OS laptops in my environment and I am relying on the NMAP scan for most of my wired endpoints (Can't get the IP User-Agent attribute on wired), so I kick off an NMAP scan. The problem is that the NMAP scan nearly always believes the OS is Yosemite (10.10). This is clearly not the case as most of my MacOS machines are High Sierra or Mojave. Any idea why the NMAP scan isn't working correctly?

1 Accepted Solution

Accepted Solutions


@Josh Morris wrote:

@howon  I am running v2.2 patch 14

@Jason Kunst  I am running device sensor on all my switches and am getting reliable Radius and DHCP data. But since I am not using any portal or redirect, I do not get HTTP data. I do on wireless, however. 


You should redirect to portal to get the best result as @howon mentioned nmap is not the best option

View solution in original post

4 Replies 4

howon
Cisco Employee
Cisco Employee

What version of ISE are you running? NMAP OS detection isn't reliable as other sources such as DHCP or HTTP based detection.

Jason Kunst
Cisco Employee
Cisco Employee

To build off @howon  advice why aren't you using Cisco IOS switches with device sensor -https://community.cisco.com/t5/security-documents/ise-secure-wired-access-prescriptive-deployment-guide/ta-p/3641515

 

and otherwise redirecting to a portal for http user agent string detection 

@howon  I am running v2.2 patch 14

@Jason Kunst  I am running device sensor on all my switches and am getting reliable Radius and DHCP data. But since I am not using any portal or redirect, I do not get HTTP data. I do on wireless, however. 


@Josh Morris wrote:

@howon  I am running v2.2 patch 14

@Jason Kunst  I am running device sensor on all my switches and am getting reliable Radius and DHCP data. But since I am not using any portal or redirect, I do not get HTTP data. I do on wireless, however. 


You should redirect to portal to get the best result as @howon mentioned nmap is not the best option

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: