Nmap Development mailing list archives
closed port question
From: TD <tdillman () tdillman com>
Date: Wed, 30 Apr 2014 14:54:51 -0500
Here is the scenario: When I scan laptop A [nmap -sV -T4 -O -F --version-light] on wired network 1 I get: * 4 ports reporting open * 21 ports reporting closed - stuff like ftp, telnet, pop3, and pptp show closed * 75 ports reporting filtered. When I scan laptop A [nmap -sV -T4 -O -F --version-light] on wireless network 2 I get: * the same 4 ports reporting open * 25 ports reporting closed - same stuff and a few more * 71 ports reporting filtered My 2 questions: 1. Since a closed port indicates no program is listening, could a closed port response mean a program has listened in the past? I ask as some machines I scan will report 20 or so closed ports, while other similar machines scanned with the same settings do not report many (or none) closed reports. 2. Are the count variations in closed | filtered ports likely caused by the firewall and/or connection medial? Thanks!
_______________________________________________ Sent through the dev mailing list http://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
Current thread:
- closed port question TD (Apr 30)