Security Basics
Re: nmap port name question? Sep 18 2013 06:04PM
ToddAndMargo (ToddAndMargo zoho com)
> <mailto:ToddAndMargo (at) zoho (dot) com [email concealed]>> wrote:
>> On Tue, Sep 17, 2013 at 3:01 PM, ToddAndMargo <ToddAndMargo (at) zoho (dot) com [email concealed]
>>
>>
>> Hi All,
>>
>> When nmap tells you a service associated with a
>> port, for example,
>>
>> 137/tcp closed netbios-ns reset
>>
>> does nmap get the name of the port from my /etc/services,
>> or is the name hard coded into nmap?
>>
>> Many thansk,
>> -T

On 09/18/2013 06:36 AM, Eric Schultz wrote:
> Hey T,
> As far as I know, nmap gets the information from two different ways. The
> first way is for recognizing registered ports. Nmap uses a local
> file called nmap-services. The file contains a list of the registered
> ports and the associated service with a similar format to /etc/services.
> More information on this method can be found here:
> http://nmap.org/book/nmap-services.html
> The second method nmap uses is called version checking or
> fingerprinting. When NMAP checks an open port (depending on which scan
> type is chosen), a connection is established with the remote port. The
> listening service will send back a response that can usually be
> indicative of what service is running. Sometimes this can be banner-type
> information that gives out specific information like "IIS 7.1" Nmap can
> then continue probing the service with an HTTP get request to see if it
> returns valid HTML. The service's response can also be a unique response
> like "EHLO" that tells you an SMTP service is most likely runnung on
> that port number. You can see what the service will send back by using
> netcat to connect to the port. Nmap has a collection of the fingerprint
> information and then crossreferences it to determine the service. more
> information can be found here: http://nmap.org/book/vscan.html

Hi Eric and everyone ever that wrote me back,

Thank you for the in depth responses! I love nmap more I learn
about it! This two stage discover test is awesome.

-T

------------------------------------------------------------------------

Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442
f727d1
------------------------------------------------------------------------

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus