Nmap Development mailing list archives
Re: Confused about some port scan results.
From: "Ron (list)" <ron () skullsecurity net>
Date: Thu, 26 Jun 2008 09:07:52 -0500
Hi Jason, Jason Cipriani wrote:
1. I'm using the correct command line options, right (UDP scan, in order, 6000 to 6500, of 192.168.2.200)?
Yes, that's correct.
2. I happen to know that the device only watches for data on port 6300. Why does it say all 501 ports are open/filtered?
See the next answer.
3. What does "open/filtered" mean? Actually what does "filtered" mean? When I think "filtered" I think "blocked" which is sort of the opposite of open, but I'm pretty sure nmap isn't trying to tell me that "all 501 ports are either open or they aren't", lol.
The problem with UDP scans is that there isn't necessarily an indication that a port is open or filtered. If no data is returned, it may be because the port is being filtered, or it may be because no data is being returned. This is the biggest difficulty with UDP scans. nmap (I believe) attempts to send data to the ports to try and coax the services to respond, proving that they're open, but for unknown protocols this may not always be the case. Something I just recently learned (with thanks to Ed Skoudis at SANS) is the --reason flag for nmap. If you use that, you should get output like this: 6000/udp closed unknown port-unreach The last column (port-unreach) tells you that the reason it was marked as "closed" is because the port was unreachable. If you get one that says something like, "no response", it tells you that the reason it was marked as open|filtered is because the port didn't respond to any of the probes. Hope that helps, and let me know if I stopped making sense somewhere! Ron
Thanks! Jason _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- Confused about some port scan results. Jason Cipriani (Jun 26)
- Re: Confused about some port scan results. Michael Pattrick (Jun 26)
- Re: Confused about some port scan results. Ron (list) (Jun 26)