What Is A Banner?

when we try to connect to a port (i.e. the service running on that port) then it responds to our request and the header of the packet sent by the service in response contains some information about the service and this is called Banner.

Banner Grabbing process

Banner Grabbing-The processor of fetching banner of a service is called Banner Grabbing

Most common services that we are likely to grab banner for are Hyper Text Transfer Protocol (HTTP) which runs on port 80, Simple Mail Transfer Protocol (SMTP) which runs on port 25 and File Transfer Protocol (FTP) which runs on port 21

There are  two types of banner grabbing

Active grabbing-

Passive grabbing-


Active grabbing

specially crafted packets are sent to remote OS and the response is noted

The responses are then compared with a database to determine the OS

Responses from different OSesvary due to difference in TCP/IP Stack Implementation


Passive grabbing-

Banner Grabbing from error messages:- Error messages provide information such as type of server, type of OS, and SSL tool used by the target remote system

Sniffing The Network Traffic:- Capturing and analyzing packets from the target enables an attacker to determine the OS used by the remote system

Passive grabbing-

Banner Grabbing from the Page Extension: Looking for an extension in the URL may assist in determining the application version



Example: aspx => IIS server and Windows platform

Tools for banner grabbing

  • ID serve
  • Netcat
  • Shodan
  • Telnet
  • Nmap
  • Superscan


ID serve can always identify the model and version of any website’s server software


This simple utility reads and writes data across TCP or UDP network connections

It is designed to be a reliable back-end tool to use directly or easily drive by other programs and scripts

t can also do network debugging and exploration tool, since it can create almost any kind of connection you would need, including port binding to accept incoming connections


SHODAN combines an HTTP port scanner with a search engine index of the HTTP responses, making it trivial to find specific web servers. Shodan collects data mostly on web servers at the moment (HTTP port 80)


It is a protocol to access remote machines over the internet

It is also known as remote access protocol

Protocol for creating a connection with a remote machine our TCP/IP network.


Nmap (Network Mapper) is a security scanner, originally written by Gordon Lyon (also known by his pseudonym Fyodor Vaskovich), used to discover hosts and services on a computer network, thus building a “map” of the network


Superscan is a free Windows-only closed-source TCP/UDP port scanner by Foundstone (now part of McAfee).

 It includes a variety of additional networking tools such as ping, traceroute, HTTP HEAD, and whois

Some functionality has been crippled by restrictions imposed by Microsoft in Windows XP SP2 and newer releases

By admin

Leave a Reply

Your email address will not be published. Required fields are marked *