I've always struggled with the various port states reported by nmap (http://nmap.org). Different scan types report different port states for listening but firewalled ports, listening accessible ports, non-listening ports and so on.
To make my life easier I decided to create tables of the most common scan types. I armed myself with Wireshark and did some testing. I used Windows Firewall running on the scanned machine (called target) for the purpose of this lab.
- Service State: Listening - means that there is a valid service listening on the scanned port
- Service State: Not Listening - there is nothing on the scanned port
- No Firewall column - firewall is off
- Firewall column - scanned port is firewalled
In a SYN scan, nmap attempts to establish a half-open TCP connection (SYN + SYN,ACK + RST,ACK).
| TCP SYN | Service State | No Firewall | Firewall |
|---|---|---|---|
| -sS | Listening | State: Open | State: Filtered |
| | | nmap: SYN; target: SYN,ACK; nmap: RST | nmap: SYN; target: (none); nmap: SYN |
| | Not Listening | State: Closed | State: Closed |
| | | nmap: SYN; target: RST,ACK | nmap: SYN; target: RST,ACK |
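The SYN-scan exchanges recorded above can be turned into a small classifier for reading a capture: given the packets seen for one probed port, it returns the state nmap reports and flags the half-open pattern (SYN,ACK answered with RST). This is an added example, not part of the original post; the `Packet` record, the function names and the sample exchanges are constructed for illustration, and only the TCP replies shown in the table are handled.

```python
from collections import namedtuple

# One captured packet: who sent it and which TCP flags were set.
Packet = namedtuple("Packet", "sender flags")

def pkt(sender, *flags):
    return Packet(sender, frozenset(flags))

def classify_syn_probe(exchange, scanner="nmap"):
    """State a SYN scan reports for one port, from the target's first reply."""
    replies = [p for p in exchange if p.sender != scanner]
    if not replies:
        return "filtered"   # SYN and its retransmission went unanswered
    flags = replies[0].flags
    if {"SYN", "ACK"} <= flags:
        return "open"
    if "RST" in flags:
        return "closed"
    return "unknown"        # reply type not covered by the table

def is_half_open(exchange, scanner="nmap"):
    """True if the initiator answered the target's SYN,ACK with RST
    instead of the plain ACK that completes a normal handshake."""
    seen_synack = False
    for p in exchange:
        if p.sender != scanner and {"SYN", "ACK"} <= p.flags:
            seen_synack = True
        elif seen_synack and p.sender == scanner:
            return "RST" in p.flags
    return False

# Constructed exchanges mirroring the table rows (not real capture data).
LISTENING_NO_FW = [pkt("nmap", "SYN"), pkt("target", "SYN", "ACK"), pkt("nmap", "RST")]
LISTENING_FW = [pkt("nmap", "SYN"), pkt("nmap", "SYN")]
NOT_LISTENING = [pkt("nmap", "SYN"), pkt("target", "RST", "ACK")]
# Constructed contrast case: an ordinary client finishing the handshake.
FULL_CONNECT = [pkt("client", "SYN"), pkt("target", "SYN", "ACK"), pkt("client", "ACK")]

if __name__ == "__main__":
    for name, ex in [("listening, no firewall", LISTENING_NO_FW),
                     ("listening, firewall", LISTENING_FW),
                     ("not listening", NOT_LISTENING)]:
        print(f"{name}: {classify_syn_probe(ex)}, half-open={is_half_open(ex)}")
    print("full connect half-open:", is_half_open(FULL_CONNECT, scanner="client"))
```

The half-open check is the part useful for detection: a normal client completes the handshake with ACK, so a SYN,ACK followed by RST from the initiator stands out in connection logs.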