Why is this NMAP scan to a remote host showing me no ports open when the ports REALLY are open?


telnet 99.99.99.99 33491
Trying 99.99.99.99...
Connected to 99.99.99.99..
Escape character is '^]'
^]
telnet> close
Connection closed.

As you can see, the above telnet command shows port 33491 is open.

Running NMAP with -PN on that same IP and port shows it as closed:

root@Ubuntu:~# nmap -PN 99.99.99.99 -p33491
Starting Nmap 5.00 ( http://nmap.org ) at 2011-10-18 18:18 EDT
Interesting ports on xxx.com (99.99.99.99):
PORT      STATE    SERVICE
33491/tcp filtered unknown

Nmap done: 1 IP address (1 host up) scanned in 2.07 seconds

In the above example, telnet shows the port open, but NMAP shows the port as 'filtered' aka closed.

How can I get NMAP to show open ports for remote hosts (that disable ping)?

Best Answer

filtered

Nmap cannot determine whether the port is open because packet filtering prevents its probes from reaching the port. The filtering could be from a dedicated firewall device, router rules, or host-based firewall software. These ports frustrate attackers because they provide so little information. Sometimes they respond with ICMP error messages such as type 3 code 13 (destination unreachable: communication administratively prohibited), but filters that simply drop probes without responding are far more common. This forces Nmap to retry several times just in case the probe was dropped due to network congestion rather than filtering. This slows down the scan dramatically.

You could ask nmap to try a TCP Connect ...

nmap -PN -sT -p 33491 example.com
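An added example, not part of the original answer: `-sT` makes Nmap use the operating system's `connect()` call, which is what telnet does, and the result of that call maps onto the port states roughly as below. The function names and the errno mapping are assumptions of this sketch, and the demo probes only loopback ports it creates itself.

```python
import errno
import socket

# Simplified mapping (an assumption of this sketch): ICMP "unreachable"
# replies surface from connect() as these errno values on Linux.
ICMP_UNREACHABLE = {errno.EHOSTUNREACH, errno.ENETUNREACH}


def classify(error):
    """Map connect()'s outcome (None = success) to an Nmap-style port state."""
    if error is None:
        return "open"        # SYN/ACK received, handshake completed
    if isinstance(error, ConnectionRefusedError):
        return "closed"      # RST received: host reachable, nothing listening
    if isinstance(error, (socket.timeout, TimeoutError)):
        return "filtered"    # no reply at all: probe was silently dropped
    if isinstance(error, OSError) and error.errno in ICMP_UNREACHABLE:
        return "filtered"    # a filter answered with an ICMP error
    raise error              # anything else (e.g. DNS failure) is not a port state


def connect_probe(host, port, timeout=2.0):
    """Full TCP connect to one port, like telnet or `nmap -sT`."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return classify(None)
    except OSError as exc:
        return classify(exc)


def demo():
    """Constructed offline input: one listening and one unused loopback port."""
    listener = socket.socket()
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    spare = socket.socket()
    spare.bind(("127.0.0.1", 0))
    closed_port = spare.getsockname()[1]
    spare.close()            # released without listen(): connects are refused
    try:
        open_port = listener.getsockname()[1]
        return (connect_probe("127.0.0.1", open_port),
                connect_probe("127.0.0.1", closed_port))
    finally:
        listener.close()


if __name__ == "__main__":
    print(demo())
```

A "filtered" result here means only that no usable reply came back within the timeout, which is the same ambiguity the quoted definition describes.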