What is the term for NMAP's OS fingerprinting method that actively sends crafted packets to identify the OS, replacing older generation methods?

Study for the SANS560 GIAC Penetration Tester (GPEN) test with flashcards and multiple-choice questions; each question has hints and explanations. Get ready for your exam!

Multiple Choice

What is the term for NMAP's OS fingerprinting method that actively sends crafted packets to identify the OS, replacing older generation methods?

Explanation:
The method being tested is active probing to identify the target’s operating system. In Nmap’s active OS fingerprinting, the tool sends crafted probes (different TCP, UDP, and ICMP packets) and examines how the target responds to those probes. The stack’s behavior—like initial TTL values, IP ID sequencing, window size, the presence or absence of certain TCP options, and how it handles unusual or edge-case packets—creates a unique fingerprint that helps distinguish between operating systems and versions. This approach replaced older, less direct methods by actively eliciting stack behavior rather than relying solely on passive observations or generic heuristics. It’s powerful for accuracy, but because it interacts with the host, it can be more detectable by security controls. The term for this method is NMAP Active OS Fingerprinting.