A penetration tester is performing service discovery on a Linux server and finds that TCP port 8181 is open. An initial Nmap scan without version detection (-sS) confirmed the port is open, but did not identify the service. The tester needs to determine the exact service and version running on this non-standard port to search for potential vulnerabilities. Which of the following actions is the most effective and appropriate next step?
Run an Nmap scan with service version detection enabled (-sV) against the port.
Launch a broad vulnerability scan against the port to identify any known exploits.
Use netstat -antp on the server to identify the process listening on the port.
Attempt to connect to the port using a web browser to check for an HTTP interface.
The most effective method to identify an unknown service on a non-standard port is to use a tool's service and version detection capabilities. Nmap's -sV flag is specifically designed for this purpose, as it sends a series of probes to identify the protocol and version of the service. Attempting to connect with a web browser only tests for one possible protocol (HTTP). Using netstat requires prior access to the target host, which is not implied in this reconnaissance scenario. Launching a vulnerability scan without knowing the service is inefficient and likely to produce inaccurate results.