Correct me if I'm wrong. I believe it goes something like this.

If a host is not blocked by any firewall and assuming only port 80 is listening on the host....

1. You send a syn to host:80, it will try to do a tcp handshake and reply with something like "I'm here, service open, ready for your request". Nmap will see this as "open".
2. You send a syn to host:81 (which is not listening), it will send back a msg saying that there is no service listening to the port. Nmap will see this as "closed".

However, if the host is blocked by a firewall on all ports except 80 ....

1. You send a syn to host:80, the same thing happens, it will reply.
2. You send a syn to host:81, it will be blocked by the firewall. Depending on how your firewall is configured, it may just simply drop this packet. Meaning there is no reply message at all. The firewall sees a packet to port 81 which it is blocking and simply deletes this packet off the network.

So there you are .. waiting for a syn/ack if the port is listening, or a port not listening error msg ... but you receive none. So nmap times out that connection and assumes that the port is "filtered" by a firewall.

Also, I believe nmap is clever enough such that it checks whether the IP is alive first. It does this either by ping, or if there is a reply (either port listening or port closed) message from the same IP. So if you see a reply from the IP from different ports, but not port 81, it assumes port 81 is "filtered" by a firewall or something.

Thomas

-----Original Message-----
From: marc brown [mailto:[EMAIL PROTECTED]
Sent: Tuesday, July 29, 2003 2:03 AM
To: [EMAIL PROTECTED]
Subject: nmap status question

I am new to Linux, but after getting my rh9 box running I have started to use nmap to do some scanning of my networks. Can someone tell me exactly what it means when the state of a particular port is 'filtered'?

thanks,
marc
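
The cases described in the reply above, as an added example that is not part of the original thread: a simplified Python model (not Nmap's own code) that classifies ports from the replies observed to SYN probes, including the "is the host alive" inference. The function names and the sample observations are constructed for illustration, and nothing is sent on the network.

```python
# Added example: a simplified model of the reasoning in the reply above.
# It only interprets replies that were already observed; it sends no packets.
SYN, RST, ACK = 0x02, 0x04, 0x10  # TCP flag bits


def classify_reply(flags):
    """flags: TCP flags byte of the reply, or None if the probe timed out."""
    if flags is None:
        return "filtered"  # packet silently dropped, no answer at all
    if flags & RST:
        return "closed"    # host answered: nothing is listening here
    if flags & SYN and flags & ACK:
        return "open"      # host answered with the second handshake step
    return "unknown"


def classify_host(replies, ping_ok=False):
    """replies: {port: flags or None}. Returns (host_state, {port: state}).

    A host counts as alive if it answered a ping or any probe (open or
    closed). Only then does silence on one port mean "filtered".
    """
    alive = ping_ok or any(f is not None for f in replies.values())
    if not alive:
        # Silence everywhere: a filtered host and a dead host look the same.
        return "down-or-unreachable", {p: "unknown" for p in replies}
    return "up", {p: classify_reply(f) for p, f in replies.items()}


# Constructed observations for the scenarios in the reply.
NO_FIREWALL = {80: SYN | ACK, 81: RST | ACK}
FIREWALLED = {80: SYN | ACK, 81: None}
SILENT = {80: None, 81: None}

if __name__ == "__main__":
    for name, obs in [("no firewall", NO_FIREWALL),
                      ("firewall drops all but 80", FIREWALLED),
                      ("no reply at all", SILENT)]:
        print(name, classify_host(obs))
```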