Read more

How to find out what is running on a port on a remote machine

Arne Hartherz
July 26, 2016Software engineer at makandra GmbH

By convention, common protocols use a defined port, like 80 for HTTP or 443 for HTTPS.

Illustration web development

Do you need DevOps-experts?

Your development team has a full backlog? No time for infrastructure architecture? Our DevOps team is ready to support you!

  • We build reliable cloud solutions with Infrastructure as code
  • We are experts in security, Linux and databases
  • We support your dev team to perform
Read more Show archive.org snapshot

You can use nmap to find out what service is running behind a given port, and most often see some details about it. This can be helpful if servers don't offer the services you expect for some ports. If you'd like to see what ports are listing on your local machine, you might want to use netstat instead of nmap.

Note that nmap's service discovery may trigger several requests.

Example

When using nmap, adding the -A switch will make nmap discover details about the given port. Specify that port using -p.

Here we look at port 443 on makandracards.com:

$ nmap -A makandracards.com -p 443

Starting Nmap 6.40 ( http://nmap.org ) at 2016-07-26 13:45 CEST
Nmap scan report for makandracards.com (92.51.173.90)
Host is up (0.014s latency).
PORT    STATE SERVICE VERSION
443/tcp open  http    nginx
|_http-methods: No Allow or Public header in OPTIONS response (status code 400)
|_http-title: 400 The plain HTTP request was sent to HTTPS port
| ssl-cert: Subject: commonName=www.makandracards.com/countryName=DE
| Not valid before: 2015-10-14T12:42:03+00:00
|_Not valid after:  2016-10-14T12:42:03+00:00
|_ssl-date: 2016-08-05T11:33:52+00:00; +9d23h48m18s from local time.
| tls-nextprotoneg: 
|   h2
|_  http/1.1

Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 6.63 seconds
Posted by Arne Hartherz to makandra dev (2016-07-26 13:40)