Nmap - Port States

September 30, 2020


Nmap is the most used port scanning tool on the Internet and it is reasonable too as it is extremely powerful one of the reasons is the way they divided the states of ports. Generally. the port scanner divides the port into open or closed states but Nmap here did a really good job. It divides it into six different states.
  • open: An application is actively accepting TCP Connections or UDP datagrams or SCTP associations on the port. An open port is like a portal for an attack. Therefore, attackers and pen-testers want to exploit it. On the other hand, security officials try to close or protect the port using firewall rules. 
  • closed: Port is accessible. It receives and responds to Nmap probe packets. But there is no application listening on it. This shows the host is up and can be scanned later. Security officials might want to block these ports with a firewall rule. 
  • filtered: Nmap cannot determine where the port is open because some form of packet filtering prevents its probes from reaching the port. This filtering could be done via a firewall rule or a firewall device present on the network. If the security officials block the attacker to reach the closed ports, they would end be getting these messages which eventually frustrates the attacks. Also, this forces Nmap to retry several times just in case the probe was dropped due to network congestion rather than filtering which also, in turn, slows the scan drastically. 
  • unfiltered: Port is accessible and Nmap is unable to determine whether it is open or closed. Scanning unfiltered ports with other scan types such as Windows scan, SYN scan, or FIN scan, may help resolve whether the port is open.
  • open|filtered: Nmap is not able to determine whether a port is open or filtered. This occurs for scan types in which open ports give no response. The UDP, IP protocol, FIN, NULL, and Xmas scans classify ports this way.
  • closed|filtered: Nmap is not able to determine whether a port is closed or filtered. It is only used for the IP ID idle scan.   


We hope this helps. If any suggestions or doubts you can add a comment and we will reply as soon as possible.

,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)