SECURITY PENETRATION TESTING Are Your Computer Secure Enough Now ?

15 Jun 09

Nmap Port Scanning

Nmap's real power is its ability to efficiently scan ports. Nmap offers a variety of port scan techniques, each with its own specific use and expected results. It is important to apply the proper scan technique to the environment and targets being scanned.

Port scanning is effective in the enterprise for a number of activities, including security auditing, asset management, and compliance. You may be interested in locating systems with file sharing ports, unauthorized File Transfer Protocol (FTP) servers, or printers. Open ports reveal potential security weaknesses, provide an inventory of applications and services, and validate compliance with approved software policies. Closed ports are useful for host discovery and OS detection.

Remember that port scan results may not always be accurate. Firewalls and non-RFC-compliant hosts and applications can give misleading results. In addition, packet filtering that drops responses to scans slows down the scan significantly, because Nmap performs several retries.

SecurityOwned Notes: Nmap Port State

At first glance, you may think that a port can have only two states: open and closed. While this is true from the operating system's point of view, Nmap can detect other conditions affecting port state. Nmap detects the following six port states:

SecurityOwned Nmap Port State

Port State        Description
----------------  ------------------------------------------------------------
Open              Open ports have an active application accepting TCP connections or UDP packets.
Closed            Closed ports are accessible, but they do not have a listening application.
Filtered          Responses are blocked by a packet filter, therefore Nmap cannot determine if the port is open.
Unfiltered        Unfiltered ports are accessible, but Nmap is unable to determine if they are open or closed. (ACK scan only)
Open|filtered     Nmap is unable to determine if the port is open or filtered for scan types where open ports do not respond. (UDP, IP Proto, FIN, Null, Xmas scans)
Closed|filtered   Nmap is unable to determine if a port is closed or filtered. (IP ID idle scan only)
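
For the auditing and compliance uses described above, the six states can be acted on mechanically. The following is an added example, not code from the original post: it reads a report in the shape of Nmap's XML output (-oX), groups ports by state, flags open services outside an approved list, and marks the inconclusive states for follow-up. The sample report, the addresses in it, and the APPROVED policy set are constructed assumptions.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed sample in the shape of Nmap's XML report (-oX); host and ports are made up.
SAMPLE_XML = """<nmaprun>
  <host>
    <address addr="192.0.2.10" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="21"><state state="open"/><service name="ftp"/></port>
      <port protocol="tcp" portid="22"><state state="open"/><service name="ssh"/></port>
      <port protocol="tcp" portid="445"><state state="filtered"/><service name="microsoft-ds"/></port>
      <port protocol="udp" portid="161"><state state="open|filtered"/><service name="snmp"/></port>
      <port protocol="tcp" portid="8080"><state state="closed"/></port>
    </ports>
  </host>
</nmaprun>"""

# Assumed policy for this example: services allowed to listen on audited hosts.
APPROVED = {"ssh", "https"}
# States from the table in which Nmap could not decide; these need a follow-up check.
AMBIGUOUS = {"filtered", "unfiltered", "open|filtered", "closed|filtered"}

def audit(xml_text, approved=APPROVED):
    """Return (ports grouped by state, policy violations, ports needing re-check)."""
    by_state, violations, recheck = defaultdict(list), [], []
    for host in ET.fromstring(xml_text).iter("host"):
        addr = host.find("address").get("addr")
        for port in host.iter("port"):
            state = port.find("state").get("state")
            svc = port.find("service")
            name = svc.get("name") if svc is not None else "unknown"
            entry = (addr, f"{port.get('portid')}/{port.get('protocol')}", name)
            by_state[state].append(entry)
            if state == "open" and name not in approved:
                violations.append(entry)      # confirmed listener outside policy
            elif state in AMBIGUOUS:
                recheck.append(entry)         # inconclusive result, not proof of safety
    return dict(by_state), violations, recheck

if __name__ == "__main__":
    states, violations, recheck = audit(SAMPLE_XML)
    for state, entries in states.items():
        print(f"{state:15} {len(entries)}")
    print("unapproved open:", violations)
    print("inconclusive:", recheck)
```

A port reported as filtered or open|filtered is listed for re-checking rather than counted as compliant, since the table above shows that Nmap could not confirm its state.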
