10
telnet 99.99.99.99 33491
Trying 99.99.99.99...
Connected to 99.99.99.99..
Escape character is '^]'
^]
telnet> close
Connection closed.

As you can see, the above telnet command shows port 33491 is open.

Running NMAP with -PN on that same IP and port shows it as closed:

root@Ubuntu:~# nmap -PN 99.99.99.99 -p33491
Starting Nmap 5.00 ( http://nmap.org ) at 2011-10-18 18:18 EDT
Interesting ports on xxx.com (99.99.99.99):
PORT      STATE    SERVICE
33491/tcp filtered unknown

Nmap done: 1 IP address (1 host up) scanned in 2.07 seconds

In the above example, telnet shows the port open, but NMAP shows the port as 'filtered' aka closed.

How can I get NMAP to show open ports for remote hosts (that disable ping)?

sblair
  • 12,757
Tom G11
  • 405
  • 3
  • 9
  • 17

2 Answers2

8

filtered

Nmap cannot determine whether the port is open because packet filtering prevents its probes from reaching the port. The filtering could be from a dedicated firewall device, router rules, or host-based firewall software. These ports frustrate attackers because they provide so little information. Sometimes they respond with ICMP error messages such as type 3 code 13 (destination unreachable: communication administratively prohibited), but filters that simply drop probes without responding are far more common. This forces Nmap to retry several times just in case the probe was dropped due to network congestion rather than filtering. This slows down the scan dramatically.

You could ask nmap to try a TCP Connect ...

nmap -PN -sT -p 33491 example.com
Community
  • 1
RedGrittyBrick
  • 85,717
4

Nmap responding that a port is filtered does not mean that it is closed. It means that NMap is not able to make that determination - it could be either open or closed.

Per the manual Chapter 15

Filtered means that a firewall, filter, or other network obstacle is blocking the port so that Nmap cannot tell whether it is open or closed.

Tim Brigham
  • 1,152