Nmap Development mailing list archives
Re: nmap ?
From: Daniel Miller <bonsaiviking () gmail com>
Date: Fri, 8 Jan 2016 21:02:01 -0600
Michael,

Thanks for your interest in Nmap. I'll try to answer your questions as I understand them.

> Why does nmap show UDP port 68 as closed filtered when you scan a device
> that has all ports firewalled?

I'm not sure what you mean by "closed filtered," but you can use the --reason option to show a short description of why Nmap decided on a particular state for a port. I'd guess what you are seeing is "open|filtered" which means no response was received. This can be because the port is open and does not respond to the empty packet Nmap sent, or because the host is firewalled and is dropping packets to that port.

> It does an ARP so it knows a device is there but then it treats not getting a response back for 68 different than all the others. A scan of a network with -sU -p 68 -Pn basically shows the same host # results as an ARP scan of -sn -n -Pn -PR.

Nmap does an ARP scan for host discovery any time it is possible, because it is the fastest and most complete method of host discovery on Ethernet-style networks. This overrides all other host discovery options, even the -Pn option. If you *really* want to do something different you can use the --disable-arp-ping option.

> Why does nmap show a list of all the ports closed if the range of port to be scanned is less than 25 for TCP and UDP? -p 50-74 shows the list, -p 50-75 does not.

To save space, Nmap sometimes chooses to "roll up" or condense certain "uninteresting" port states into a single statement like "Not shown: 26 closed ports." The code for this decision is in portlist.cc in the PortList::isIgnoredState function. Without the -v or -d options, 25 is the cutoff number for a state being condensed like this.

Dan
_______________________________________________ Sent through the dev mailing list https://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
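
Added example, not part of the message above and not Nmap project code: a small parser for `--reason` output that separates UDP ports whose state rests on an actual reply from "open|filtered" ports where silence is the only evidence. The sample scan text, addresses and function names are constructed for illustration.

```python
import re

# Constructed sample of `nmap -sU --reason` normal output (not from the thread).
SAMPLE = """\
Nmap scan report for 192.0.2.10
PORT   STATE         SERVICE REASON
67/udp closed        dhcps   port-unreach ttl 64
68/udp open|filtered dhcpc   no-response
69/udp filtered      tftp    admin-prohibited ttl 64
Nmap scan report for 192.0.2.11
PORT   STATE         SERVICE REASON
68/udp open          dhcpc   udp-response ttl 64
"""

HOST_RE = re.compile(r"^Nmap scan report for (\S+)")
PORT_RE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)\s+(\S+)")

def parse(text):
    """Return one dict per port line: host, port, proto, state, service, reason."""
    rows, host = [], None
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if m:
            host = m.group(1)
            continue
        m = PORT_RE.match(line)
        if m and host:
            port, proto, state, service, reason = m.groups()
            rows.append({"host": host, "port": int(port), "proto": proto,
                         "state": state, "service": service, "reason": reason})
    return rows

def ambiguous(rows):
    """Ports where no reply came back: open-and-silent or dropped by a firewall."""
    return [(r["host"], r["port"]) for r in rows
            if r["state"] == "open|filtered" and r["reason"] == "no-response"]

def confirmed(rows):
    """Ports whose state is backed by a reply (UDP data or an ICMP error)."""
    return [(r["host"], r["port"], r["state"]) for r in rows
            if r["reason"] != "no-response"]

if __name__ == "__main__":
    rows = parse(SAMPLE)
    print("needs follow-up:", ambiguous(rows))
    print("backed by a reply:", confirmed(rows))
```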