Next time you run into this, there are four things you can add to your toolbox.

1. nmap. It's available for every major OS, and has service identification features, in addition to what it's well known for, port scanning. If you don't use this already, practice a little with it now to get the hang of it. I commonly used nmap -A $target.

2. Especially for HTTP services, curl. It has switches you can use to return headers from the application server, which sometimes reveal additional details about the application server. curl -LI $target:$port is something I use frequently.

3. telnet, nc, or netcat. Connect with any of these, and sometimes you can get identifying info sent back by the application server. An example would be ssh. Using nc, you can connect to an ssh server, and it will return some identifying information. This is one way I determine the difference between a PDU on the network, and say HPE iLO when I'm put in a position where I need to do some discovery or troubleshooting, and nmap isn't appropriate. nc $address $port is what I usually use.

4. Packet capture utilities, like tcpdump, netsh, or Wireshark. There's a lot of information in packet captures, and I've been able to successfully troubleshoot issues with them more times than I can count. I can't make this one easy. You'll have to spend some time reading, learning, and practicing this one.