There's a fairly simple way to determine if a machine is a Web Server; just try to connect to it! ;-)

An easy way is to type the address into your browser; but the simplest way is to just "telnet <host> 80", which connects to port 80 (the default httpd port) on that host and sees if anything is listening.

Note that you can do that with most services by connecting to that service's port, and nmap-web allows you to do that.

That's basically all this web page does ... using a "telnet on steroids" program called nmap which opens connections up pretty darn fast (like about a thousand a minute! ;-) and sees if there is an answer.

NOTE: Just because something is listening on port 80 does not guarantee that it is a web server, but since that is the default port, it probably is. Also, you can run Web Servers on ANY port ... but it makes little sense to unless it is a well-known port. For example, 443 is reserved for secure HTTP - https.

Note that some other tricks (Firewalls, TCP Wrappers, etc.) can be used to prevent a scanning machine from connecting to a web server that is actually running.

If you are only checking port 80, this program will do 'em at a rate of about 1000 hosts/minute. "MORE" will be about 500 hosts/minute, and "LOTS" about 200 hosts/minute. These numbers are VERY approximate, and scan times can increase dramatically if a lot of hosts are unresolvable and/or are down.

NOTE ALSO: this program does not check the web server to see if the pages are "protected" or meet any compliance standards ... it just checks to see if a web server exists at some address so you can then investigate further ... you can ask it to tell you what Web Server version is reported.
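
The check described above (connect to the port, confirm that whatever answers actually speaks HTTP, and note the Server version it reports), as an added example that is not nmap-web's own code. The function name probe_http, the state names and the command-line usage are assumptions made for this illustration.

```python
import socket
import sys

def probe_http(host, port=80, timeout=3.0):
    """Classify host:port as 'no-answer', 'open-not-http' or 'http'.

    Returns (state, detail); for 'http' the detail is the reported Server header.
    """
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:
        # Refused, timed out, unresolvable, or blocked by a firewall/TCP wrapper:
        # from the outside these all look like "nothing answered".
        return ("no-answer", str(exc))
    data = b""
    with sock:
        try:
            sock.sendall(f"HEAD / HTTP/1.0\r\nHost: {host}\r\n\r\n".encode("ascii"))
            while b"\r\n\r\n" not in data and len(data) < 8192:
                chunk = sock.recv(1024)
                if not chunk:
                    break
                data += chunk
        except OSError:
            pass  # keep whatever arrived before the timeout or reset
    lines = data.decode("latin-1").split("\r\n")
    if not lines[0].startswith("HTTP/"):
        # Something is listening, but it did not answer like a web server.
        return ("open-not-http", lines[0][:60])
    server = "(not reported)"
    for line in lines[1:]:
        if not line:
            break  # blank line ends the headers
        name, _, value = line.partition(":")
        if name.strip().lower() == "server":
            server = value.strip()
    return ("http", server)

if __name__ == "__main__":
    # Assumed usage: python probe.py HOST [PORT]; defaults to the local machine.
    host = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 80
    print(host, port, *probe_http(host, port))
```

A 'no-answer' result does not prove that no web server exists, and the Server header is only what the server chooses to report.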

Here's a list of definitions for the "well known" ports ... again, remember that ANYTHING can be running on ANY port ...


tcpmux            1/tcp      # TCP Port Service Multiplexer [rfc-1078]
echo              7/tcp      #
discard           9/tcp      # sink null
systat            11/tcp     # Active Users
daytime           13/tcp     # Date
qotd              17/tcp     # Quote of the Day
chargen           19/tcp     # ttytst source Character Generator
ssh               22/tcp     # Secure Shell Login
time              37/tcp     # timeserver
nameserver        42/tcp     # Host Name Server
tftp              69/tcp     # Trivial File Transfer
finger            79/tcp     # Finger Daemon
http              80/tcp     # World Wide Web HTTP
pop-2             109/tcp    # PostOffice V.2
pop-3             110/tcp    # PostOffice V.3
auth              113/tcp    # ident, tap, Authentication Service
uucp-path         117/tcp    # UUCP Path Service
nntp              119/tcp    # Network News Transfer Protocol
netbios-ns        137/tcp    # NETBIOS Name Service
netbios-dgm       138/tcp    # NETBIOS Datagram Service
netbios-ssn       139/tcp    # NETBIOS Session Service
imap2             143/tcp    # Interim Mail Access Protocol v2
snmp              161/tcp    #
snmptrap          162/tcp    # snmp-trap
http-mgmt         280/tcp    # 
asip-webadmin     311/tcp    # appleshare ip webadmin
https             443/tcp    # secure http (SSL)
printer           515/tcp    # spooler (lpd)
klogin            543/tcp    # Kerberos (v4/v5)
kshell            544/tcp    # krcmd Kerberos (v4/v5)
http-rpc-epmap    593/tcp    # HTTP RPC Ep Map
sco-websrvrmg3    598/tcp    # SCO Web Server Manager 3
ipcserver         600/tcp    # Sun IPC server
webster           765/tcp    # 
xaudio            1103/tcp   # Xaserver, X Audio Server
webster           2627/tcp   # Network dictionary
www-dev           2784/tcp   # world wide web - development
squid-http        3128/tcp   #
dec-notes         3333/tcp   # DEC Notes
mmcc              5050/tcp   # multimedia conference control tool
pcanywhere        5632/tcp   #
http-proxy        8080/tcp   # Common HTTP proxy/second web server port