Which Nmap command allows for OS detection through TCP/IP stack fingerprinting?


The command that enables operating system detection through TCP/IP stack fingerprinting is the one that includes the ‘-O’ option. This flag prompts Nmap to analyze the characteristics of the target's network stack to identify the operating system it is running. By sending a series of carefully crafted packets and analyzing the responses, Nmap can match these responses against its database of known OS fingerprints. This capability is particularly useful for penetration testers seeking to gather detailed information about targets in their assessments.

The other options, while useful in their respective contexts, do not focus primarily on OS detection. For instance, the option that involves ‘-sV’ is designed for service version detection, meaning it scans and attempts to identify versions of services running on open ports rather than determining the underlying operating system. The ‘-sS’ option initiates a stealth SYN scan, which is useful for mapping open ports quietly but does not provide OS information. Finally, the ‘-Pn’ option bypasses host discovery, assuming the hosts are up without scanning for ICMP replies, and is not related to OS fingerprinting. Therefore, the ‘-O’ option is the correct choice specifically for OS detection using TCP/IP stack fingerprinting.
