|This article does not cite any sources. (February 2013) (Learn how and when to remove this template message)|
On computer networks, a service scan identifies the services running on a list of open ports. This is closely tied to port scanning and some tools (e.g. nmap, nessus) support both. A service scan is preferable to referring to a port list, as it can identify services running on non-standard ports, which is common in practice.
Service scanners work by sending some probe data to the port, and monitoring the response. For example, sending "GET /" as a probe could detect a web server, and the exact response will give some indication which server. Multiple probes will be sent to identify less common services. The nmap service scan captures information from unidentified ports, and users are encouraged to submit details of these, which will be included in updates.
Almost all vulnerability scanners have a built-in service scan. For example, Nessus uses the find_service plugin to perform a service scan. The results of the service scan are used to determine which tests to run against each port.