Re: Service Fingerprinting

[Kevin Shaw <kevin.lee.shaw () gmail com>]

Amap has already been pointed out; but I would run an nmap scan a second
time and see if it still shows up. The port may have been open and not
necessarily a listening service and responded to the SYN packet; try some
other TCP flags and see what response you get. You've looked online, at
dhsield, etc. already?
On Dec 8, 2010 10:17 AM, "Dan King" <xxsegfaultxx () gmail com> wrote:
> Try using amap[1]. It does a pretty good job at throwing data at services
to
> figure out what is running. It also comes with amapcrap which throws
random
> data at a service trying to force a response.
>
> [1] http://freeworld.thc.org/thc-amap/
>
> On Wed, Dec 8, 2010 at 11:56 AM, Craig Freyman <craigfreyman () gmail com
> wrote:
>
> > I'm trying to identify what service is running on a specific port, tcp
> > 8474. Here's what I've tried:
> >
> > - nmap -sV -p8474 --version-all x.x.x.x
> > - telnet to the port - I get nothing
> > - browse to it with a web browser - I get nothing
> >
> > Nmap does tell me that the port is open though.
> > 8474/tcp open unknown
> >
> > The only thing I know about the server is that it is a Windows box.
> >
> > Is there anything else I can do to identify this service?
> >
> >
> > _______________________________________________
> > Pauldotcom mailing list
> > Pauldotcom () mail pauldotcom com
> > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> > Main Web Site: http://pauldotcom.com
>
>
>
> --
> I live in a world of cold steel and dungeons and mighty foes...
_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com