nmap results
Shane Presley
shane.presley at gmail.com
Fri Feb 11 18:18:42 UTC 2005
On Fri, 11 Feb 2005 08:04:37 -0600, Steve Buehler <steve at ibapp.com> wrote:
> I am wondering if someone can tell me what closed would mean in results
> for nmap. Basically, does that mean that a firewall is filtering it? Or
> does it mean that a firewall is NOT filtering it and the program won't
> except anything without a password or configured to only accept from a
> specific IP? Or the port is not being blocked, but no program is running
> to except connections on it? Or something else?
Basically it means it got a reset packet. So an open port starts a 3
way handshake. NMAP sends a syn, the server sends syn-ack, etc.
A closed port gets the syn packet from NMAP, and sends a reset back to
politely tell NMAP that the port doesn't have any services running on
it.
Filtered usually means that the syn packet got no reply. No reset, no
syn-ack, nothing. Usually a sign of a firewall.
Shane
More information about the redhat-list
mailing list