Nmap Development mailing list archives

Previous By Date Next
Previous By Thread Next

closed port question

From: TD <tdillman () tdillman com>
Date: Wed, 30 Apr 2014 14:54:51 -0500


Here is the scenario: 

When I scan laptop A [nmap -sV -T4 -O -F --version-light] on wired network 1 I get:

* 4 ports reporting open
* 21 ports reporting closed - stuff like ftp, telnet, pop3, and pptp show closed
*  75 ports reporting filtered. 

When I scan laptop A [nmap -sV -T4 -O -F --version-light] on wireless network 2 I get:

* the same 4 ports reporting open
* 25 ports reporting closed - same stuff and a few more
* 71 ports reporting filtered

My 2 questions:

1. Since a closed port indicates no program is listening, could a closed port response mean a program has listened in 
the past? I ask as some machines I scan will report 20 or so closed ports, while other similar machines scanned with 
the same settings do not report many (or none) closed reports. 

2. Are the count variations in closed | filtered ports likely caused by the firewall and/or connection medial?

Thanks!


_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
Previous By Date Next
Previous By Thread Next

Current thread: