Security Basics mailing list archives
Re: nmap port name question?
From: ToddAndMargo <ToddAndMargo () zoho com>
Date: Wed, 18 Sep 2013 11:04:44 -0700
<mailto:ToddAndMargo () zoho com>> wrote:On Tue, Sep 17, 2013 at 3:01 PM, ToddAndMargo <ToddAndMargo () zoho com Hi All, When nmap tells you a service associated with a port, for example, 137/tcp closed netbios-ns reset does nmap get the name of the port from my /etc/services, or is the name hard coded into nmap? Many thansk, -T
On 09/18/2013 06:36 AM, Eric Schultz wrote:
Hey T, As far as I know, nmap gets the information from two different ways. The first way is for recognizing registered ports. Nmap uses a local file called nmap-services. The file contains a list of the registered ports and the associated service with a similar format to /etc/services. More information on this method can be found here: http://nmap.org/book/nmap-services.html The second method nmap uses is called version checking or fingerprinting. When NMAP checks an open port (depending on which scan type is chosen), a connection is established with the remote port. The listening service will send back a response that can usually be indicative of what service is running. Sometimes this can be banner-type information that gives out specific information like "IIS 7.1" Nmap can then continue probing the service with an HTTP get request to see if it returns valid HTML. The service's response can also be a unique response like "EHLO" that tells you an SMTP service is most likely runnung on that port number. You can see what the service will send back by using netcat to connect to the port. Nmap has a collection of the fingerprint information and then crossreferences it to determine the service. more information can be found here: http://nmap.org/book/vscan.html
Hi Eric and everyone ever that wrote me back, Thank you for the in depth responses! I love nmap more I learn about it! This two stage discover test is awesome. -T ------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1 ------------------------------------------------------------------------
Current thread:
- nmap port name question? ToddAndMargo (Sep 18)
- Re: nmap port name question? Austin Jorden (Sep 18)
- Message not available
- Re: nmap port name question? ToddAndMargo (Sep 18)
- Message not available
- Re: nmap port name question? ToddAndMargo (Sep 18)