Professor Messer - Using Nmap to Find Rogue Devices

Posted on March 03, 2008 in How-to

Nmap is one of the best port scanners in the world, but did you know that Nmap can tell you the exact application name and version number hiding behind each port? More importantly, Nmap can tell you about the applications that you DONT want to see Nmaps version detection capabilities can provide you with an easy method of identifying rogue devices.

What is Version Detection?

Nmaps version detection feature identifies applications by performing intelligent queries of open ports. Even if the application is using a non-standard port, Nmap will correctly determine the application type.

Nmap uses a huge database of applications contained in the service file nmap-service-probes. This is constantly growing, so you may find additional services identified as time goes on. If youve found a new application, you will be given instructions on how to contribute your discovery to the next Nmap version