3

How can one identify a service running on a non-standard port? I'm not talking about services like webserver or FTP since nmap can do that without any problems. I'm talking about services that are not that common, like Java RMI, X11, ...

What I found till now is amap and the NMAP+V patch and some standard strings like:

  • version
  • ?
  • \r\n\r\n
  • help
  • ...

Is someone aware of any kind of list/paper for a good start?

i--
  • 51
  • 1
  • 3

1 Answers1

2

nmap+V and amap are old patches and forks of nmap that was used before nmap added version scanning into the core build. Both tools are mostly obsolete now. Even the AMAP website agrees.

nmap -sV -V -ip address-

The -V flag increases the verbosity of nmap's output, giving you the exact header information that nmap uses to determine what service/version is running on the port.

In the case of non-standard programs, your best bet would be to use Google to search for more information about a particular header or other information that nmap returns. There is really too many obscure programs for anyone to provide a comprehensive list in one place.

  • Well to identify a non-standard program I have to get a header first - I need to send something to the service in otder to (hopefully) get an error message, which I can google afterward. But still, I need to start somwhere and that's the reason for my question. I thought maybe someone saw something useful somewhere ;) – i-- Sep 20 '12 at 11:26
  • @i-- The -V flag allows to to observe the packets returned by the service in response to nmap's -sV scan. One -V flag might not be enough - i can't remember at this point. Try adding another -V if one doesn't return the necessary information. –  Sep 20 '12 at 11:27
  • 2
    You could also fire up Wireshark and analyse the packets yourself, during an nmap scan. – Polynomial Sep 20 '12 at 11:52