25 May 2009

nmap, tell me why

Confused about the states in nmap output?
What exactly do "filtered" or "closed" mean?

At the last Black Hat, Mr Vaskovich presented some of the new nmap features:
top ports, rate limited, packet trace... and reason

Mr Vaskovich, ready to rock


With the --reason option enabled, the output shows you not only that a port is open or filtered or whatever, but also the reason behind that state.

Check out these two nmap results:

$ nmap -T4 mytarget.com
[...]
Not shown: 992 closed ports
PORT____STATE____SERVICE
22/tcp__open_____ssh
80/tcp__open_____http
135/tcp_filtered_msrpc
139/tcp_filtered_netbios-ssn
445/tcp_filtered_microsoft-ds

$ nmap --reason -T4 mytarget.com
[...]
Not shown: 992 closed ports
Reason: 992 conn-refused
PORT____STATE____SERVICE______REASON
22/tcp__open_____ssh__________syn-ack
80/tcp__open_____http_________syn-ack
135/tcp_filtered_msrpc________no-response
139/tcp_filtered_netbios-ssn__no-response
445/tcp_filtered_microsoft-ds_no-response
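
An added example, not part of the original post: a small Python parser for --reason output that groups ports by state and reason, so filtered ports that drew no response can be told apart from those that were answered with an error. The sample input is constructed from the scan above with normal spacing, plus one made-up 25/tcp line using nmap's admin-prohibited reason; the function names are this example's own.

```python
import re
from collections import defaultdict

# Constructed sample: the --reason scan from the post with normal spacing,
# plus one made-up line (25/tcp) carrying an ICMP-based reason.
SAMPLE = """\
Not shown: 992 closed ports
Reason: 992 conn-refused
PORT    STATE    SERVICE      REASON
22/tcp  open     ssh          syn-ack
25/tcp  filtered smtp         admin-prohibited
80/tcp  open     http         syn-ack
135/tcp filtered msrpc        no-response
139/tcp filtered netbios-ssn  no-response
445/tcp filtered microsoft-ds no-response
"""

# port/proto, state, service, then the first word of the REASON column.
PORT_LINE = re.compile(r"^(\d+)/(tcp|udp|sctp)\s+(\S+)\s+(\S+)\s+(\S+)")
# Summary line for ports left out of the table, in the form shown in the post.
HIDDEN_LINE = re.compile(r"^Reason:\s+(\d+)\s+(\S+)")

def parse_reasons(text):
    """Return (rows, hidden): listed ports and the 'Not shown' reason counts."""
    rows, hidden = [], {}
    for line in text.splitlines():
        line = line.strip()
        m = PORT_LINE.match(line)
        if m:
            port, proto, state, service, reason = m.groups()
            rows.append((f"{port}/{proto}", state, service, reason))
            continue
        m = HIDDEN_LINE.match(line)
        if m:
            hidden[m.group(2)] = int(m.group(1))
    return rows, hidden

def group_by_state_reason(rows):
    """Map (state, reason) -> list of ports, in scan order."""
    groups = defaultdict(list)
    for port, state, _service, reason in rows:
        groups[(state, reason)].append(port)
    return dict(groups)

def split_filtered(rows):
    """Filtered ports: silently dropped vs. answered with some error reply."""
    silent = [p for p, st, _, r in rows if st == "filtered" and r == "no-response"]
    rejected = [p for p, st, _, r in rows if st == "filtered" and r != "no-response"]
    return silent, rejected

if __name__ == "__main__":
    rows, hidden = parse_reasons(SAMPLE)
    print(group_by_state_reason(rows), hidden, split_filtered(rows))
```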

"Did you ever wonder why a particular port was marked filtered? It might have been because the target didn't respond, or perhaps you received an ICMP Destination Unreachable. Nmap’s new reason reporting causes it to display why it said what it did about a port" [http://tinyurl.com/ospp5p]

So, if you would like to add this valuable information to your output, don't forget to ask him:

hey nmap, tell me why
