Identifying services
Another useful piece of functionality that nmap provides is the ability to identify services by attempting to grab application banners or issue various types of known requests and determine the service based upon how it responds.
How to do it…
Use –sV to probe for service/version information:
$ nmap 10.0.0.10 -sV Starting Nmap 6.40 ( http://nmap.org ) at 2016-05-08 16:15 EDT Nmap scan report for 10.0.0.10 Host is up (0.0016s latency). Not shown: 995 closed ports PORT STATE SERVICE VERSION 22/tcp open ssh (protocol 2.0) 25/tcp open smtp Postfix smtpd 53/tcp open domain 80/tcp open http Apache httpd 2.4.7 ((Ubuntu)) 111/tcp open rpcbind 2-4 (RPC #100000) 1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at http://www.insecure.org/cgi-bin/servicefp-submit.cgi : SF-Port22-TCP:V=6.40%I=7%D=5/8%Time=572F9E4A%P=x86_64-pc-linux-gnu%r(NULL, SF:2B,"SSH-2\.0-OpenSSH_6\.6\.1p1\x20Ubuntu-2ubuntu2...
