Basically I need to say Server1, with ipaddress 1.2.3.4 has Application1 on it, and that network traffic uses ports 100, 101, and 103
Since many of these servers were built and setup before I started working here and there is no documentation from previous admins, I was hoping there might be a tool that could show me that information.
Thanks
Update for those asking: Both Windows and Linux OSes, virtual and physical hardware.
I think most port scanners would do what you want. A popular one is nmap.
I'd laugh and say "no," in all probability. As mentioned in the comments, nmap/netstat and port scanning isn't a complete solution, since a lot of these services are only active under certain circumstances or during certain times.
The only reliable way I can think of doing this is by checking the firewall rules on each server to see what ports are opened, and correlating those openings to a service. Of course, even this isn't a complete solution - it relies on the servers all having firewalls turned on and the assumption that an open port is open for an existing service (and not for historical reasons or default configuration or misconfiguration, etc.).
Again, though, I'd probably reject the request - this information doesn't seem particularly useful, so I'm thinking this is probably coming from someone non-technical who really needs/wants different information, but is asking for this in an incorrect or misguided fashion.
EDIT:
In response to the information that this is for a new firewall, you need to get the requester to rework their request. A new firewall is not generally concerned with every service and port used on every server, it is concerned with what services and ports you allow into and out of the network. That's probably what they really want you to find out, and is a far easier task than the question as asked.
In Windows you can run "netstat -a -n -o" to list all listening ports in numerical form and match those ports to processes.
A combination of nmap from the same network (no firewalls in between) and local checks (as in the answer by jeoqwerty, or lsof/netstat/others on Unix/Linux): check what services are being started, check what is installed. Look at the ports open on the local firewalls of the targets, check the configuration of "Internet facing" firewalls, what traffic do they let go through to your targets/leave from them. Any special configuration there is presumably to allow some specific service.
Pull all the above together, ask around if somebody can tell you what is supposed to run on the targets, check with users what they use on the machines.
Once you have a reasonably complete picture, you'll have to start questioning which of the identified services are really needed. Check that the configurations are sane, according to best practices for each. Make sure everything is up to date, antivirused if Windows, the works.
Yep, you've got your work cut out for you. Good luck!
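As an added example (not code from any of the answers), here is a small inventory script that turns the local checks mentioned in the netstat answer above and in this answer (`netstat -a -n -o` on Windows, `ss -ltnp` on Linux) into the "Server, IP, process, port" list the question asks for. The sample command outputs are constructed, and the Server1 / 1.2.3.4 names are placeholders taken from the question.

```python
import re

# Constructed sample of `netstat -a -n -o` output on a Windows host (not real data).
WINDOWS_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    10.0.0.5:3389          10.0.0.77:51522        ESTABLISHED     1180
  TCP    [::]:445               [::]:0                 LISTENING       4
  UDP    0.0.0.0:161            *:*                                    2208
"""
# Constructed sample of `ss -ltnp` output on a Linux host (not real data).
LINUX_SS = """\
State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port  Process
LISTEN  0       128     0.0.0.0:22          0.0.0.0:*          users:(("sshd",pid=845,fd=3))
LISTEN  0       4096    *:80                *:*                users:(("nginx",pid=1402,fd=6),("nginx",pid=1403,fd=6))
"""

def parse_windows_netstat(text):
    """Map (proto, port) -> (pid, None) for listening sockets. Windows netstat gives
    no process name (map the PID with `tasklist`); UDP rows have no State column."""
    listeners = {}
    for line in text.splitlines():
        parts = line.split()
        if not parts or parts[0] not in ("TCP", "UDP"):
            continue  # header, blank line or "Active Connections" banner
        port = int(parts[1].rsplit(":", 1)[1])  # rsplit copes with [::]:445 too
        if parts[0] == "TCP":
            if len(parts) < 5 or parts[3] != "LISTENING":
                continue  # ESTABLISHED/TIME_WAIT rows are not services
            pid = int(parts[4])
        else:
            pid = int(parts[-1])
        listeners[(parts[0].lower(), port)] = (pid, None)
    return listeners

def parse_linux_ss(text):
    """Map ("tcp", port) -> (pid, process_name) for LISTEN rows of `ss -ltnp`."""
    listeners = {}
    for line in text.splitlines():
        parts = line.split()
        if not parts or parts[0] != "LISTEN":
            continue
        port = int(parts[3].rsplit(":", 1)[1])
        m = re.search(r'\("([^"]+)",pid=(\d+)', line)  # first owning process
        listeners[("tcp", port)] = (int(m.group(2)), m.group(1)) if m else (None, None)
    return listeners

def inventory_lines(server, ip, listeners):
    # One "Server, IP, process, port" line per listener, sorted by port number.
    return [f"{server} {ip} {proto}/{port} pid={pid} process={name or '?'}"
            for (proto, port), (pid, name) in sorted(listeners.items(), key=lambda kv: kv[0][1])]
```

Run the real commands on each host, feed the output to the matching parser, and merge the lines into one sheet per server.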
Another possibility would be to scan SNMP information and check out the currently active TCP/IP connections via SNMP. Of course, for Windows and Linux computers, SNMP is not sufficient and maybe other protocols such as SSH or telnet need to be utilized.
Once you have all that information, you can determine which server is talking to which client/other server.
Of course, a single scan is not enough. You need to do it regularly in order to get a complete picture.
NetFlow was designed to do exactly what you're looking for. If properly set up you can see all of the conversations on your network and discover each service in use. There are a wide variety of products ranging from cheap to enterprise grade, closed and open source. Some of the fancier products will derive dependent services (e.g. the front-end web server depends on the database, DNS, and LDAP servers) and alert you when there are outages or performance issues.
To use it you'll have to set up one or more collection points on your backbone (either active on your switch, router, and/or firewall or passive via a SPAN port or tap). Each collection point will feed NetFlow data to a collector.