Modern port scanners can probe in stealthy, patient, and subtle ways, and can combine the probe with operating system fingerprinting, the art of guessing the operating system from TCP/IP stack peculiarities and additional hints gathered by intelligent probing. Two of the most popular tools are the nmap and strobe programs. Example 6-1 shows both tools in action. Note that the Service column in nmap's output is a static lookup by port number, not an identification of what is actually listening, which is why ports without a registered name appear as "unknown"; strobe goes one step further and also shows the banner the service returns (SSH-2.0-OpenSSH_3.4 in the example). The /etc/services file on UNIX systems provides a mapping between TCP/UDP port numbers and their textual names. The master list is maintained by the Internet Assigned Numbers Authority (IANA, http://www.iana.org/assignments/port-numbers) and consists of three port groups:
Well-known ports (0–1023)
Registered ports (1024–49151)
Dynamic ports (49152–65535)
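The following script is an added example, not code from the book or from the nmap or strobe projects. It does what the two tools do in the simplest possible way: it looks up port numbers in an /etc/services-style table, classifies them into the three IANA groups listed above, and annotates a port listing in nmap's "port/proto state service" format. A plain TCP connect scan is included so the same annotation can be run against live results; it is the noisiest scan type, in contrast to the stealthy probes the text refers to. The services excerpt and the nmap port table embedded below are constructed sample input (the nmap lines are those printed in Example 6-1).

```python
"""Annotate a port listing with /etc/services names and IANA port groups."""
import re
import socket
from typing import Dict, Iterable, List, Tuple

# Constructed excerpt in /etc/services format: "name port/proto [aliases] [# comment]".
SERVICES_SAMPLE = """\
# service-name  port/protocol  [aliases ...]   [# comment]
ssh             22/tcp                          # SSH Remote Login Protocol
ssh             22/udp
http            80/tcp          www www-http    # WorldWideWeb HTTP
https           443/tcp
"""

# The port table from the nmap run in Example 6-1 (constructed sample input).
NMAP_SAMPLE = """\
Port       State       Service
22/tcp     open        ssh
1899/tcp   open        unknown
2070/tcp   open        unknown
2410/tcp   open        unknown
2560/tcp   open        unknown
3046/tcp   open        unknown
"""


def iana_range(port: int) -> str:
    """Return the IANA group a port number belongs to."""
    if not 0 <= port <= 65535:
        raise ValueError(f"port out of range: {port}")
    if port <= 1023:
        return "well-known"
    if port <= 49151:
        return "registered"
    return "dynamic"


def parse_services(text: str) -> Dict[Tuple[int, str], str]:
    """Parse /etc/services-style lines into {(port, proto): name}."""
    mapping: Dict[Tuple[int, str], str] = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and blanks
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue
        name, port_proto = fields[0], fields[1]
        port_s, _, proto = port_proto.partition("/")
        if not port_s.isdigit() or not proto:
            continue                               # malformed entry, skip it
        mapping[(int(port_s), proto)] = name
    return mapping


# Matches nmap's port table rows, e.g. "22/tcp     open        ssh".
NMAP_ROW = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)")


def parse_nmap(text: str) -> List[Tuple[int, str, str, str]]:
    """Extract (port, proto, state, service) from nmap's port table."""
    rows = []
    for line in text.splitlines():
        m = NMAP_ROW.match(line.strip())
        if m:
            rows.append((int(m.group(1)), m.group(2), m.group(3), m.group(4)))
    return rows


def annotate(nmap_text: str, services_text: str) -> List[dict]:
    """Join nmap rows with the services table and the IANA group of each port."""
    services = parse_services(services_text)
    report = []
    for port, proto, state, nmap_name in parse_nmap(nmap_text):
        report.append({
            "port": port,
            "proto": proto,
            "state": state,
            "nmap_name": nmap_name,
            "services_name": services.get((port, proto), "unknown"),
            "iana_range": iana_range(port),
        })
    return report


def connect_scan(host: str, ports: Iterable[int], timeout: float = 0.5) -> List[int]:
    """Full TCP connect scan: a port is open if the three-way handshake completes."""
    open_ports = []
    for port in ports:
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as sock:
            sock.settimeout(timeout)
            if sock.connect_ex((host, port)) == 0:
                open_ports.append(port)
    return open_ports


if __name__ == "__main__":
    for entry in annotate(NMAP_SAMPLE, SERVICES_SAMPLE):
        print(f"{entry['port']}/{entry['proto']:<4} {entry['state']:<6} "
              f"{entry['services_name']:<8} ({entry['iana_range']})")
```

Run against the sample, the five "unknown" ports all fall in the registered range; only a banner grab or version probe can tell what is actually behind them, since the services table says nothing about a port it does not list. Use `connect_scan("127.0.0.1", range(1, 4001))` to reproduce a (noisy) equivalent of the scans in Example 6-1 on the local host.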
Example 6-1. Port scans with nmap and strobe

[root@castor:~#] nmap -p 1-4000 localhost

Starting nmap V. 2.54BETA34 ( www.insecure.org/nmap/ )
Interesting ports on localhost.nerdzone.org (127.0.0.1):
(The 3994 ports scanned but not shown below are in state: closed)
Port       State       Service
22/tcp     open        ssh
1899/tcp   open        unknown
2070/tcp   open        unknown
2410/tcp   open        unknown
2560/tcp   open        unknown
3046/tcp   open        unknown

Nmap run completed -- 1 IP address (1 host up) scanned in 23 seconds

[root@ganymed:~#] strobe -b 1 -e 4000 localhost
strobe 1.05 (c) 1995-1999 Julian Assange <proff@iq.org>.
localhost    22 ssh     Secure Shell - RSA encrypted rsh -> SSH-2.0-OpenSSH_3.4\n
localhost    80 http    www www-http World Wide Web HTTP www World Wide Web HTTP [TXL]