Nmap Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: sometimes, a scan shows filtered..

From: root <root () elxsi de>
Date: Sun, 18 Aug 2002 19:14:00 +0200 (CEST)
On Sat, 17 Aug 2002, Roeland Th. Jansen wrote:

Hi,
have a look at the nmap manpage:

<quote>
The result of running nmap is usually a list of  interest-
ing  ports on the machine(s) being scanned (if any).  Nmap
always gives the port's  "well  known"  service  name  (if
any),  number,  state,  and protocol.  The state is either
'open', filteredtoday , or a unfilteredfriend .  Open means that
the target  machine  will  accept()  connections on that port.


==> Filtered means that a firewall, filter, or  other  network
obstacle  is  covering  the  port and preventing nmap from
determining whether the port is  open.   Unfiltered  means
that  the  port is known by nmap to be closed and no fireĀ”
wall/filter seems to be interfering with  nmap's  attempts
to  determine  this.  Unfiltered ports are the common case
and are only shown when most of the scanned ports  are  in
the filtered state.


Martin


of mine and I were experimenting against his windows
machine and consecutive scans show consistently all the specified scan
ports closed.

but sometimes, I see a weird thing. instead of reporting the ports to be
closed, it reports :

1214/tcp   filtered    kazaa
1503/tcp   filtered    imtc-mcs
1720/tcp   filtered    h323hostcall
1863/tcp   filtered    msnp

which happen to be the four ports we were experimenting with. since
it;'s closed, no problem but it struck me that it was filtered.

why ?


---------------------------------------------------------------------
For help using this (nmap-dev) mailing list, send a blank email to
nmap-dev-help () insecure org . List run by ezmlm-idx (www.ezmlm.org).




---------------------------------
Paranoia heisst nur die Wirklichkeit realer zu sehen, als andere.

Name    : Martin Kluge
email   : martin () elxsi info
Phone   : +49 160 1530201
Projects: http://www.aa-security.de



---------------------------------------------------------------------
For help using this (nmap-dev) mailing list, send a blank email to
nmap-dev-help () insecure org . List run by ezmlm-idx (www.ezmlm.org).
Previous By Date Next
Previous By Thread Next

Current thread: