Nmap Service and Version Detection - Nikola's Digital Garden

#readwise # Nmap Service and Version Detection ![rw-book-cover](https://readwise-assets.s3.amazonaws.com/static/images/article3.5c705a01b476.png) ## Metadata - Author: [[nmap.org]] - Full Title: Nmap Service and Version Detection - URL: https://nmap.org/book/man-version-detection.html ## Summary Nmap can detect open ports on a remote machine and identify the services running on them, like mail and web servers. It uses a database to match services and versions, which is important for security assessments. Version detection helps find detailed information about services, including their names and versions. Users can control version detection with specific options to enhance accuracy and speed. ## Highlights After TCP and/or UDP ports are discovered using one of the other scan methods, version detection interrogates those ports to determine more about what is actually running. The `nmap-service-probes` database contains probes for querying various services and match expressions to recognize and parse responses. Nmap tries to determine the service protocol (e.g. FTP, SSH, Telnet, HTTP), the application name (e.g. ISC BIND, Apache httpd, Solaris telnetd), the version number, hostname, device type (e.g. printer, router), the OS family (e.g. Windows, Linux). When possible, Nmap also gets the Common Platform Enumeration (CPE) representation of this information. Sometimes miscellaneous details like whether an X server is open to connections, the SSH protocol version, or the KaZaA user name, are available. Of course, most services don't provide all of this information. If Nmap was compiled with OpenSSL support, it will connect to SSL servers to deduce the service listening behind that encryption layer. Some UDP ports are left in the `open|filtered` state after a UDP port scan is unable to determine whether the port is open or filtered. Version detection will try to elicit a response from these ports (just as it does with open ports), and change the state to open if it succeeds. `open|filtered` TCP ports are treated the same way. ([View Highlight](https://read.readwise.io/read/01jpdbmdmdta28xn2znt2dt71r)) ^fi938z --- `-sV` (Version detection) Enables version detection, as discussed above. ([View Highlight](https://read.readwise.io/read/01jpdbqaawa23eqr9kekaxdpab)) ---