How to do it...

Now that we have the service banner information, let's perform service identification using Nmap:

  1. To understand the effectiveness of Nmap's service-identification function, we should consider a service that does not provide a self-disclosed service banner. By using Netcat to connect to TCP port 80 on the Metasploitable2 system (a technique discussed in the Banner grabbing with Netcat recipe of this chapter), we can see that no service banner is presented by merely establishing a TCP connection:
  2. Then, to execute an Nmap service scan on the same port, we can use the -sV option in conjunction with the IP and port specification:
  3. As you can see in the demonstration provided, Nmap was able to identify the service, the vendor, and the specific version of the product. This service-identification function can also be used against a specified sequential series of ports. Alternatively, Nmap can be run without a port specification; the 1,000 common ports will be scanned, and identification attempts will be made for all listening services that are identified:
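
The contrast between steps 1 and 2 can be reproduced offline. The following is an added example, not code from the book or from Nmap: a local stand-in server on 127.0.0.1 stays silent until it receives a request, so a passive connection sees no banner while an active probe plus a signature match recovers product and version. The server name, version, and regular expression are constructed for illustration.

```python
import re
import socket
import threading

PROBE = b"GET / HTTP/1.0\r\n\r\n"  # HTTP request used as the active probe
# Hypothetical signature: pulls product and version out of a Server header.
MATCH = re.compile(rb"^Server: ([\w-]+)/([\d.]+)", re.M)
# Constructed response for the stand-in server (not captured from a real host).
REPLY = b"HTTP/1.0 200 OK\r\nServer: ExampleHTTPd/1.2.3\r\n\r\n"

def start_silent_server():
    """Local stand-in for a web server: sends nothing until the client speaks."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))  # port 0 lets the OS pick a free port
    srv.listen(5)

    def serve():
        while True:
            conn, _ = srv.accept()
            with conn:
                if conn.recv(1024):  # reply only after a request arrives
                    conn.sendall(REPLY)

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]

def grab_banner(port, timeout=0.5):
    """Passive check: connect and wait, as a plain Netcat connection does."""
    with socket.create_connection(("127.0.0.1", port), timeout=timeout) as s:
        try:
            return s.recv(1024)
        except socket.timeout:
            return b""  # nothing was volunteered by the service

def identify(port, timeout=2.0):
    """Active check: send the probe, then match the response to the signature."""
    with socket.create_connection(("127.0.0.1", port), timeout=timeout) as s:
        s.sendall(PROBE)
        m = MATCH.search(s.recv(1024))
    return (m.group(1).decode(), m.group(2).decode()) if m else None

if __name__ == "__main__":
    port = start_silent_server()
    print("banner on connect:", grab_banner(port))
    print("identified by probe:", identify(port))
```

Seen from the server side, the same exchange shows what a default Server header discloses to anyone who sends a request, which is why trimming or normalizing that header is a common hardening step.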