Banner Grabs with netcat and nmap

By | 2011/12/22

netcat can be used to quickly grab a service banner, as well as trusty nmap. I’ll show you some tips!

The netcat command is simply:

$ nc [target] [port]

Add tack v to get more verbosity.


$ nc -v 22
Connection to 22 port [tcp/ssh] succeeded!

$ nc -v 80
Connection to 80 port [tcp/http] succeeded!
[enter, enter]

HTTP/1.1 400 Bad Request
Date: Thu, 22 Dec 2011 16:17:19 GMT
Server: Apache
Strict-Transport-Security: max-age=43200; includeSubDomains
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=iso-8859-1

$ nc -v 25
Connection to 25 port [tcp/smtp] succeeded!
220 *************************

And of course nmap can be used for banner grabbing as well!

The nmap command to use which will scan all open ports and report banners is:

$ sudo nmap -sV [target]

$ nmap -sV

Starting Nmap 5.51 ( ) at 2011-12-22 11:37 EST
Nmap scan report for (
Host is up (0.083s latency).
rDNS record for
Not shown: 996 filtered ports
22/tcp  open  ssh      OpenSSH 5.3p1 (protocol 2.0)
25/tcp  open  smtp     Cisco PIX sanitized smtpd
80/tcp  open  http     Apache httpd
443/tcp open  ssl/http Apache httpd
Service Info: Device: firewall

Service detection performed. Please report any incorrect results at .
Nmap done: 1 IP address (1 host up) scanned in 22.86 seconds