Entre as várias funcionalidades do Nmap, um dos mais conhecidos scanner de rede, está a de tentar descobrir quais programas e versões estão instalados no alvo. A opçao "-sV" faz a brincadeira acontecer.
$ nmap -sV 172.20.1.1
Starting Nmap 6.00 ( http://nmap.org ) at 2014-06-17 11:56 BRT
Nmap scan report for 172.20.1.1
Host is up (0.0011s latency).
Not shown: 980 closed ports
PORT STATE SERVICE VERSION
42/tcp open wins Microsoft Windows Wins
53/tcp open domain Microsoft DNS
88/tcp open tcpwrapped
135/tcp open msrpc Microsoft Windows RPC
139/tcp open netbios-ssn
389/tcp open ldap
445/tcp open microsoft-ds Microsoft Windows 2003 or 2008 microsoft-ds
464/tcp open kpasswd5?
593/tcp open ncacn_http Microsoft Windows RPC over HTTP 1.0
636/tcp open tcpwrapped
1025/tcp open msrpc Microsoft Windows RPC
1027/tcp open ncacn_http Microsoft Windows RPC over HTTP 1.0
1048/tcp open msrpc Microsoft Windows RPC
1053/tcp open msrpc Microsoft Windows RPC
1124/tcp open msrpc Microsoft Windows RPC
2701/tcp open landesk-rc LANDesk RC 2.0
2702/tcp open sms-xfer?
3268/tcp open ldap
3269/tcp open tcpwrapped
3389/tcp open ms-wbt-server Microsoft Terminal Service
Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 50.23 seconds
Outro exemplo:
$ nmap -sV 172.20.1.14
Starting Nmap 6.00 ( http://nmap.org ) at 2014-06-17 12:21 BRT
Nmap scan report for www.segundatela.tv.br (172.20.1.14)
Host is up (0.00062s latency).
Not shown: 993 closed ports
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 6.0p1 Debian 4 (protocol 2.0)
80/tcp open http Apache httpd 2.2.16 ((Debian) PHP/5.3.3-7+squeeze14 with Suhosin-Patch)
111/tcp open rpcbind (rpcbind V2-4) 2-4 (rpc #100000)
666/tcp open http darkstat network analyzer httpd 3.0.715
873/tcp open rsync (protocol version 30)
2049/tcp open nfs (nfs V2-4) 2-4 (rpc #100003)
10000/tcp open http MiniServ 1.660 (Webmin httpd)
Service Info: OSs: Linux, Unix; CPE: cpe:/o:linux:kernel
Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 46.18 seconds