Open a terminal and type the following command:

$ nmap -sV scanme.nmap.org

The result of this command is a table containing an additional column named VERSION, displaying the specific service version, if identified. Additional information will be enclosed in parenthesis. Refer to the following screenshot:

The flag -sV enables service detection, which returns additional service and version information.

Service detection is one of the most loved features of Nmap, as it's very useful in many situations such as identifying security vulnerabilities or making sure a service is running on a given port.

This feature basically works by sending different probes from nmap-service-probes to the list of suspected open ports. The probes are selected based on how likely it is that they can be used to identify a service.

There is very detailed documentation on how the service detection mode works, and the file formats used, at http://nmap.org/book/vscan.html.

You can set the amount of probes to use by changing the intensity level of the scan with the argument –-version-intensity [0-9], as follows:

# nmap -sV –-version-intensity 9  

Aggressive detection

Nmap has a special flag to activate aggressive detection, namely -A. Aggressive mode enables OS detection (-O), version detection (-sV), script scanning (-sC), and traceroute (--traceroute). Needless to say this mode sends a lot more probes and it is more likely to be detected, but provides a lot of valuable host information. You can see this by using one of the following commands:

# nmap -A <target>

Or

# nmap -sC -sV -O <target>