Apologies - I am very new to these things. I read that nmap-service-probes will display the service that the port is using, while nmap -sS will send a stealth SYN, which is also capable of determining whether a port is open or not. My question is if the service probe can return an output, meaning there is a response, while the stealth SYN scan produces a report which says the port does not respond and is closed. I ask this question as I am looking through the research "Internet Census 2012" and it seems some ports that do not respond with a SYN-ACK give back a service probe response.

Nidal

1 Answer

No. nmap-service-probes is a database which tells nmap how to interpret answers from a service. It is used like nmap ... -sV ....

For instance, a syn-scan looks like

# nmap -n -sS -F 127.0.0.1

Starting Nmap 6.25 ( http://nmap.org ) at 2014-08-12 11:20 CEST
Nmap scan report for 127.0.0.1
Host is up (0.000099s latency).
Not shown: 99 closed ports
PORT   STATE SERVICE
22/tcp open  ssh

Nmap done: 1 IP address (1 host up) scanned in 2.66 seconds

while a service scan looks like

# nmap -n -sV -F 127.0.0.1

Starting Nmap 6.25 ( http://nmap.org ) at 2014-08-12 11:21 CEST
Nmap scan report for 127.0.0.1
Host is up (0.000036s latency).
Not shown: 99 closed ports
PORT   STATE SERVICE VERSION
22/tcp open  ssh     OpenSSH 6.6p1-hpn14v4 (protocol 2.0)

Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 3.33 seconds

Note the fourth column - that's what the service-scan does.

countermode
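To make the answer's point concrete, the sketch below is an added example (not part of the original answer and not nmap's own code) that loads a few match lines written in nmap-service-probes syntax and uses them to turn bytes received from a service into the text seen in the VERSION column. The sample entries and banners are constructed, Python's re module stands in for nmap's regex engine, and only the p/v/i/h/o/d fields with $N substitution are handled.

```python
import re

# Constructed entries in nmap-service-probes syntax (not copied from the real
# file): match <service> m<delim><regex><delim><flags> <version fields>
SAMPLE_DB = r"""
Probe TCP NULL q||
match ssh m|^SSH-([\d.]+)-OpenSSH[_-]([\w.-]+)\s*\r?\n|i p/OpenSSH/ v/$2/ i/protocol $1/
match ftp m|^220 ([\w.-]+) FTP server ready\r\n| p/Example ftpd/ h/$1/
"""

MATCH_RE = re.compile(r"^(?:soft)?match\s+(\S+)\s+m(.)(.*?)\2([is]*)(?:\s+(.*))?$")
# p=product, v=version, i=info, h=hostname, o=OS, d=device type; cpe: is ignored
FIELD_RE = re.compile(r"(?:^|\s)([pvihod])(.)(.*?)\2")


def load_matches(text):
    """Parse match/softmatch lines into (service, compiled regex, fields)."""
    rules = []
    for line in text.splitlines():
        m = MATCH_RE.match(line.strip())
        if not m:
            continue  # Probe lines, comments and blank lines carry no pattern
        service, _, regex, flags, rest = m.groups()
        re_flags = (re.I if "i" in flags else 0) | (re.S if "s" in flags else 0)
        fields = {key: value for key, _, value in FIELD_RE.findall(rest or "")}
        # Assumption: Python's re stands in for the regex engine nmap uses.
        rules.append((service, re.compile(regex, re_flags), fields))
    return rules


def identify(banner, rules):
    """Return (service, version text) for the bytes a service sent back."""
    text = banner.decode("latin-1")
    for service, regex, fields in rules:
        hit = regex.search(text)
        if hit is None:
            continue
        def fill(template):
            # Replace $1, $2, ... with the matching capture group.
            return re.sub(r"\$(\d)", lambda g: hit.group(int(g.group(1))) or "", template)
        info = {key: fill(value) for key, value in fields.items()}
        version = " ".join(x for x in (info.get("p"), info.get("v")) if x)
        if info.get("i"):
            version += f" ({info['i']})"
        return service, version
    return None, None  # nothing received, or no pattern recognises the reply
```

Calling `identify(b"SSH-2.0-OpenSSH_6.6p1-hpn14v4\r\n", load_matches(SAMPLE_DB))` with this constructed banner yields the same text as the VERSION column in the output above.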