Re: nmap port name question?

[ToddAndMargo <ToddAndMargo () zoho com>]

>  <mailto:ToddAndMargo () zoho com>> wrote:
> > On Tue, Sep 17, 2013 at 3:01 PM, ToddAndMargo <ToddAndMargo () zoho com
> >
> >
> >     Hi All,
> >
> >     When nmap tells you a service associated with a
> >     port, for example,
> >
> >         137/tcp closed netbios-ns reset
> >
> >     does nmap get the name of the port from my /etc/services,
> >     or is the name hard coded into nmap?
> >
> >     Many thansk,
> >     -T

On 09/18/2013 06:36 AM, Eric Schultz wrote:
> Hey T,
> As far as I know, nmap gets the information from two different ways. The
> first way is for recognizing registered ports. Nmap uses a local
> file called nmap-services. The file contains a list of the registered
> ports and the associated service with a similar format to /etc/services.
> More information on this method can be found here:
> http://nmap.org/book/nmap-services.html
> The second method nmap uses is called version checking or
> fingerprinting. When NMAP checks an open port (depending on which scan
> type is chosen), a connection is established with the remote port. The
> listening service will send back a response that can usually be
> indicative of what service is running. Sometimes this can be banner-type
> information that gives out specific information like "IIS 7.1" Nmap can
> then continue probing the service with an HTTP get request to see if it
> returns valid HTML. The service's response can also be a unique response
> like "EHLO" that tells you an SMTP service is most likely runnung on
> that port number. You can see what the service will send back by using
> netcat to connect to the port. Nmap has a collection of the fingerprint
> information and then crossreferences it to determine the service. more
> information can be found here: http://nmap.org/book/vscan.html

Hi Eric and everyone ever that wrote me back,

Thank you for the in depth responses!  I love nmap more I learn
about it!  This two stage discover test is awesome.

-T


------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------