The "finger" protocol is used to return information on users on a specific host. Information that can be gained by using the finger is to see if someone is actively logged on to a server, or find a valid username. The finger protocol is far less prevalent now than it once was due to some problems with the protocol. Back in 1988 an Internet worm exploited an error in the protocol, and additional it was used by mischievous people to find information about server users. Finger had the potential to provide one of these mischievous users with information such as login name, phone number, and the last time the user had logged on to the system.
The finger service is very well known, and runs on port seventy-nine (79). The client or user opens an active open connection to port seventy-nine (79) with a one-line query, which is then processed by the server. The server then sends back the output of that query and then closes the connection to the client.
As I mentioned early due to problems in the past with the protocol many servers have this service disabled entirely in which case when the client attempts to connect to the service and the server has no passive open connection it will send back a RST and drop the connection. Though more often than not there will be a firewall blocking this port entirely and you won't even get that far.
For the full technical description and inner workings of this protocol please refer to its RFC, the finger protocol is defined in RFC 1288.