How to do it...

The following steps show how to gather service banner information using Amap:

  1. The -B option in Amap runs the application in banner mode, in which it collects banners for the specified IP address and service port(s). Amap can collect the banner from a single service by specifying the remote IP address and the service port number:
  2. In the example provided, Amap has grabbed the service banner from port 21 on the Metasploitable2 system at 172.16.69.128. The same command can also be modified to scan a sequential range of ports. To scan all possible TCP ports, every possible port address value must be covered. The fields of the TCP header that hold the source and destination port addresses are each 16 bits long, and each bit can hold a value of 0 or 1. As such, there are 2^16, or 65,536, possible TCP port addresses.

To scan the total possible address space, a port range of 1-65535 must be supplied:

  3. The standard output produced by Amap contains some unnecessary and redundant information that can be stripped from the output. Specifically, it is helpful to remove the scan metadata, the "Banner on" phrase, and the IP address, which stays the same throughout the entire scan. To remove the scan metadata, we use grep to keep only lines containing a phrase that appears in every banner entry but not in the scan's metadata description. In this case, we can grep for the word "on":
  4. We can then strip the "Banner on" phrase and the redundant IP address from the output by cutting each line on the colon delimiter and keeping only fields 2-5:
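The two clean-up steps above, applied to a constructed sample of Amap banner-mode output. This is an added example rather than the book's own code or a real scan capture: the sample lines are made up to resemble Amap's "Banner on <ip>:<port>/tcp : <banner>" line format, and the Amap invocation quoted in the comment assumes Amap's usual "amap [options] <target> <ports>" argument order.

```shell
#!/bin/sh
# Added example (not from the book). Demonstrates the grep/cut clean-up
# described in steps 3 and 4 against a constructed sample of Amap output.
# The real pipeline from the steps above would look like (assumed syntax):
#   amap -B 172.16.69.128 1-65535 | grep "on" | cut -d ":" -f 2-5

# Constructed sample modelled on Amap's banner-mode output. The first and
# last lines stand in for the scan metadata; the middle lines are banner
# entries. None of this is captured from a live scan.
SAMPLE_AMAP_OUTPUT='amap v5.4 (www.thc.org/thc-amap) started at 2024-01-01 12:00:00 - BANNER mode
Banner on 172.16.69.128:21/tcp : 220 (vsFTPd 2.3.4)
Banner on 172.16.69.128:22/tcp : SSH-2.0-OpenSSH_4.7p1 Debian-8ubuntu1
Banner on 172.16.69.128:25/tcp : 220 metasploitable.localdomain ESMTP Postfix (Ubuntu)
amap v5.4 finished at 2024-01-01 12:00:05'

# Step 3: drop the scan metadata. The word "on" occurs in every
# "Banner on" entry and in neither metadata line of the sample.
amap_entries() {
    printf '%s\n' "$SAMPLE_AMAP_OUTPUT" | grep "on"
}

# Step 4: remove the "Banner on" phrase and the repeated IP address.
# Splitting on ':' makes field 1 "Banner on 172.16.69.128", field 2 the
# port/protocol and field 3 onwards the banner text, so fields 2-5 keep
# "<port>/tcp : <banner>". The upper bound of 5 tolerates banners that
# themselves contain a couple of colons.
amap_trimmed() {
    amap_entries | cut -d ":" -f 2-5
}

# Stand-alone run: print the trimmed entries.
amap_trimmed
```

Matching the bare word "on" works for this sample, but any metadata line that happens to contain those letters (for instance one ending in "none") would slip through; anchoring the pattern as `grep "^Banner on"` ties the filter to the exact line prefix Amap prints and is the safer choice when the output is consumed by later tooling.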