What Is Banner Grabbing?

Banner grabbing is a technique used to gather information about computer systems on a network and the services running on their open ports. It's a critical step in network security analysis, allowing administrators to identify potential vulnerabilities. When requests are sent to a system, the responses can reveal software versions and configurations. How secure is your network against such reconnaissance?
Jeremy Laukkonen

Banner grabbing is an activity used to determine information about the services running on a remote computer. This technique can be useful to administrators in cataloging their systems, and ethical hackers can also use it during penetration tests. Malicious hackers also use banner grabbing, since the technique can reveal compromising information about the services that are running on a system. The technique works by using Telnet, or a proprietary program, to establish a connection with a remote machine, after which a bad request is sent. That will cause a vulnerable host to respond with a banner message, which may contain information that a hacker could use to further compromise a system.

In a computer networking context, the term banner typically refers to a message that a service transmits when another program connects to it. Default banners often consist of information about a service, such as the version number. The banner for a Hypertext Transfer Protocol (HTTP) service will typically show the type of server software, its version number, when it was last modified, and other similar information. When a program such as Telnet is used to intentionally gather this information, it is usually referred to as banner grabbing.

A few different types of software, including Telnet and various proprietary programs, can be used to perform banner grabbing. Telnet is a type of network protocol that is used to establish a virtual terminal connection with a remote host. Most operating systems (OSes) come with the ability to establish Telnet sessions, so that is one of the primary ways that banner grabbing is performed. Whether Telnet or another program is used, banners are grabbed by connecting to a host, and then sending a request to a port that is associated with a particular service, such as port 80 for HTTP.

One of the purposes of banner grabbing is system administration, in which case it can be useful for HTTP fingerprinting and other activities. An administrator can also use the technique to perform an inventory of all of the different services and systems operating on the hosts for which they are responsible. They will typically establish a Telnet connection with the host, and then query each port and catalog the results. White hat hackers can also use the technique during the planning phase of a penetration test.

Malicious hackers often use banner grabbing as well when looking for vulnerable hosts. They typically establish a connection with a host, and then query ports looking for vulnerable services. Since the default banners often include the type of server software and version, it is possible to identify services with known exploits. The hacker can then use those exploits to carry out additional attacks.
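
For the administrator's inventory described above, the following added example (not part of the original article) reads the first response from a service on a host you administer and reports whether its banner gives away a product version. The function names and the sample banners are constructed for illustration.

```python
import re
import socket

# Constructed sample banners for illustration; none were captured from a real host.
SAMPLE_BANNERS = {
    22: "SSH-2.0-OpenSSH_8.9p1 Ubuntu-3\r\n",
    25: "220 mail.example.internal ESMTP Postfix\r\n",
    80: "HTTP/1.1 400 Bad Request\r\nServer: Apache/2.4.52 (Ubuntu)\r\n\r\n",
    8080: "HTTP/1.1 400 Bad Request\r\nServer: Apache\r\n\r\n",
}

# A product name followed by a dotted version, e.g. "Apache/2.4.52" or "OpenSSH_8.9p1".
VERSION_RE = re.compile(r"[A-Za-z][\w.-]*[/_ ]v?\d+(?:\.\d+)+\w*")

def read_banner(host, port, probe=b"", timeout=3.0, limit=1024):
    """Connect to a service you administer and return the first bytes it sends.
    Pass a probe for services that wait for the client to speak first, such as HTTP."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        if probe:
            sock.sendall(probe)
        try:
            data = sock.recv(limit)
        except socket.timeout:
            data = b""  # service stayed silent: nothing to catalog
    return data.decode("latin-1")

def product_string(banner):
    """Return the part of a banner that names the software, or "" if there is none."""
    lines = banner.splitlines()
    if not lines:
        return ""
    if lines[0].startswith("SSH-"):  # SSH-<protoversion>-<softwareversion> [comments]
        parts = lines[0].split("-", 2)
        return parts[2] if len(parts) == 3 else ""
    if lines[0].startswith("HTTP/"):  # only the Server header names the product
        for line in lines[1:]:
            if line.lower().startswith("server:"):
                return line.split(":", 1)[1].strip()
        return ""
    return lines[0].strip()

def disclosed_version(banner):
    """Return the product/version token a banner discloses, or None."""
    match = VERSION_RE.search(product_string(banner))
    return match.group(0) if match else None

def audit(banners):
    """Map each port to the version its banner gives away (None = nothing disclosed)."""
    return {port: disclosed_version(text) for port, text in banners.items()}

if __name__ == "__main__":
    for port, finding in audit(SAMPLE_BANNERS).items():
        print(port, finding or "no version disclosed")
```

Ports 80 and 8080 in the sample show the same server with its default banner and with the version removed from the `Server` header, which is the difference the audit is meant to surface.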

Discussion Comments


@Vincenzo -- Telnet is on the decline, to be sure, but there are still millions of computers with that program and those could be vulnerable to those banner grabbing attacks.

I know there are some operating systems that no longer include Telnet, but a lot of people add the program and it is readily available for free. Who is adding Telnet? Well, there are people who still cruise old bulletin board systems (BBS) that used to be available by dial up Internet and are now accessible through Telnet.

There are a lot of reasons to grab Telnet, but those who do should be aware their systems could be vulnerable to attacks and should take appropriate precautions.


But I thought Telnet was on the way out. If that is the case, wouldn't that pretty much put a dent in banner grabbing? I know there are other proprietary programs in use, but Telnet was (and probably still is) as common as sin on computers. Those days, however, appear to be coming to an end.
