A penetration tester is performing service discovery on a Linux server and finds that TCP port 8181 is open. An initial Nmap scan without version detection (-sS) confirmed the port is open, but did not identify the service. The tester needs to determine the exact service and version running on this non-standard port to search for potential vulnerabilities. Which of the following actions is the most effective and appropriate next step?
Use netstat -antp on the server to identify the process listening on the port.
Attempt to connect to the port using a web browser to check for an HTTP interface.
Run an Nmap scan with service version detection enabled (-sV) against the port.
Launch a broad vulnerability scan against the port to identify any known exploits.
The most effective method to identify an unknown service on a non-standard port is to use a tool's service and version detection capabilities. Nmap's -sV flag is specifically designed for this purpose, as it sends a series of probes to identify the protocol and version of the service. Attempting to connect with a web browser only tests for one possible protocol (HTTP). Using netstat requires prior access to the target host, which is not implied in this reconnaissance scenario. Launching a vulnerability scan without knowing the service is inefficient and likely to produce inaccurate results.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is banner grabbing, and how does it help in identifying a listening port?
Open an interactive chat with Bash
What tools are commonly used to probe ports and capture service details?
Open an interactive chat with Bash
Why are other methods like disabling services or adjusting firewall rules less effective for identifying unknown ports?