extra features for nmap

["testic" <testic () btinternet com>]

I hope I'm sending this to the correct address...

I was scanning a company network the other day (with their permission of course) and I thought I'd discovered a lot of 
unusual services running on their machines. Later, when I asked their admin about this I was told that they aren't 
unusual services at all, merely common services running on non-standard ports. Which gave me the idea.

If a database similar to the os-fingerprints database were started, containing responses of known programs, then one 
could probe a port already known to be 'open' to discover what program is actually running on that port. 

It may well be that such a thing exists, if it does then I don't know about it. But certainly I would find such a thing 
extremely useful, as merely scanning for open ports on a host is only half the story...

What are everyone elses thoughts?