NMAP port states explanation - TCP Connect -sT


In TCP connect scan NMAP attempts to establish a full TCP connection (syn + syn,ack + ack) and then close it (rst,ack).

Looking at the below table we can see that both listening and not listening firewalled ports respond with packets (segments to be more correct) that have the same flags set (rst,ack). NMAP is still able to distinguish the state (filtered vs closed). It must be using some other properties of the packet. 



TCP Connect
Service State
No Firewall
Firewall
-sT
Listening

State: Open

State: Filtered

nmap
target
nmap
nmap
SYN
SYN,ACK
ACK
RST,ACK
nmap
target

SYN
RST,ACK

Not Listening

State: Closed


State: Closed
nmap
target
SYN
RST,ACK
nmap
target
SYN
RST,ACK


Table info can be found here.

No comments:

Post a Comment