This time around we're going to use Nmap for more than just a basic scan. I really like this tool with all its switches.
So anyway, to identify a network device, just use nmap with the "-O" switch (that's a capital letter O, for OS detection).
Here's an example where I used this command to determine that a host was a Nortel switch:
***Note - in the example below I had to use "sudo" because I was running the command on an Ubuntu workstation.
kshort@LinuxStudent:~$ sudo nmap -O 192.168.100.123
[sudo] password for kshort:
Starting Nmap 4.53 ( http://insecure.org ) at 2008-09-26 11:39 EDT
Stats: 0:00:07 elapsed; 0 hosts completed (1 up), 1 undergoing SYN Stealth Scan
SYN Stealth Scan Timing: About 29.81% done; ETC: 11:39 (0:00:15 remaining)
Interesting ports on 192.168.100.123:
Not shown: 1712 closed ports
PORT STATE SERVICE
23/tcp open telnet
80/tcp filtered http
Aggressive OS guesses: Bay Networks BayStack 450 switch (96%), Nut/OS 4.3.2 beta (ARM) (93%), Vegastream Vega 400 VoIP Gateway (90%), Cisco Catalyst 1912 switch (90%), HP LaserJet 1017 printer (89%), Radware LinkProof load balancer (88%), Linux 2.6.18 (CentOS 5, x86_64, SMP) (88%), IBM OS/400 V5R2M0 (88%), ZyXEL Prestige 623ME-T1 ADSL dual link router (88%), D-Link DI-704P broadband router (88%)
No exact OS matches for host (test conditions non-ideal).
Network Distance: 6 hops
OS detection performed. Please report any incorrect results at http://insecure.org/nmap/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 27.367 seconds
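
For inventory work, the "Aggressive OS guesses" line is awkward to split by hand because some device names contain commas and parentheses of their own. The following is an added example, not part of the original post: a small Python parser that ranks the guesses and lists open ports. The function names and the 95% threshold are assumptions, and the sample text is copied from the output above.

```python
import re

# Lines copied from the scan output shown above (no new scan data).
SAMPLE = """\
PORT STATE SERVICE
23/tcp open telnet
80/tcp filtered http
Aggressive OS guesses: Bay Networks BayStack 450 switch (96%), Nut/OS 4.3.2 beta (ARM) (93%), Vegastream Vega 400 VoIP Gateway (90%), Cisco Catalyst 1912 switch (90%), HP LaserJet 1017 printer (89%), Radware LinkProof load balancer (88%), Linux 2.6.18 (CentOS 5, x86_64, SMP) (88%), IBM OS/400 V5R2M0 (88%), ZyXEL Prestige 623ME-T1 ADSL dual link router (88%), D-Link DI-704P broadband router (88%)
No exact OS matches for host (test conditions non-ideal).
"""

# Each guess ends in "(NN%)". Names may contain commas and parentheses,
# so match lazily up to the percentage instead of splitting on ",".
GUESS_RE = re.compile(r"\s*(.+?) \((\d{1,3})%\)(?:,|$)")
PORT_RE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)$")

def parse_os_guesses(text):
    """Return [(name, percent), ...] sorted by confidence, highest first."""
    for line in text.splitlines():
        if line.startswith("Aggressive OS guesses:"):
            body = line.split(":", 1)[1]
            found = [(m.group(1), int(m.group(2))) for m in GUESS_RE.finditer(body)]
            return sorted(found, key=lambda g: -g[1])  # stable: ties keep Nmap's order
    return []

def open_ports(text):
    """Return [(port, service), ...] for ports Nmap reports as open."""
    rows = (PORT_RE.match(line.strip()) for line in text.splitlines())
    return [(int(m.group(1)), m.group(4)) for m in rows if m and m.group(3) == "open"]

def summarise(text, min_confidence=95):
    """Condense one host's -O output; min_confidence is an assumed cut-off."""
    guesses = parse_os_guesses(text)
    top = guesses[0] if guesses else None
    return {
        "top_guess": top,
        "no_exact_match": "No exact OS matches" in text,
        "above_threshold": bool(top and top[1] >= min_confidence),
        "open_ports": open_ports(text),
        "alternatives": len(guesses) - 1 if guesses else 0,
    }

if __name__ == "__main__":
    print(summarise(SAMPLE))
```
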