Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
Question for NMAP experts 1
- Thread starter mmonti
- Start date
-
1
- #2
JasonDeckard
Programmer
NMAP considers a TCP port open if it is able to connect.
NMAP considers a TCP port closed if it receives a RST when it attempts to connect (commonly known as connection refused).
NMAP considers a TCP port filtered if it receives no response from the remote system.
Normally, a TCP session is established with a three-way handshake. The client sends a "SYN Packet" to the server (requesting a connection), and the server responds with an indication of whether the connection will be allowed or not (SYN/ACK for 'yes' or RST for 'no'). If the server will allow the connection, the client sends an acknowledgment (the third step of the handshake).
Either way, the server is expected to respond to the client's connection request. If the client never gets a response to the connection request, it is assumed that a firewall is blocking the connection request (of course, the server could simply be offline or a routing issue could be preventing packets from getting there or back).
I hope my glossed-over version of TCP handshakes helps explain what NMAP means when it refers to "filtered ports".
Regards,
Jason Deckard
NMAP considers a TCP port closed if it receives a RST when it attempts to connect (commonly known as connection refused).
NMAP considers a TCP port filtered if it receives no response from the remote system.
Normally, a TCP session is established with a three-way handshake. The client sends a "SYN Packet" to the server (requesting a connection), and the server responds with an indication of whether the connection will be allowed or not (SYN/ACK for 'yes' or RST for 'no'). If the server will allow the connection, the client sends an acknowledgment (the third step of the handshake).
Either way, the server is expected to respond to the client's connection request. If the client never gets a response to the connection request, it is assumed that a firewall is blocking the connection request (of course, the server could simply be offline or a routing issue could be preventing packets from getting there or back).
I hope my glossed-over version of TCP handshakes helps explain what NMAP means when it refers to "filtered ports".
Regards,
Jason Deckard
- Thread starter
- #3
- Status
Similar threads
- Locked
- Question
- Locked
- Question