1234 Unknown Service
A mysterious service that nmap failed to identify. We’ll cover how to fingerprint it manually, use Google to find clues, test the connection and eventually discover what it is.
Last updated: March 9th, 2023Manual Fingerprinting
nmap -sV -p 1234 x.x.x.x
#If nmap says “unknown service”, try this script:
nmap --script=fingerprint-strings -p 1234 x.x.x.x
#This will print the readable strings from the service responseGoogle Search
Copy and paste some of the strings into Google and see if you can find any matches. For example, if you see something like “Welcome to FooBar server v1.2”, try searching for “FooBar server”. You might find some documentation or forum posts that describe the service or its protocol
Testing Connection
If you have an idea of what the service is or how it works, try connecting to it with different tools. For example, if you think it’s a web server, try curl or wget. If you think it’s a telnet server, try telnet or netcat. If you think it’s a FTP server, try ftp. See if you get any useful output or error messages