Home page logo

pen-test logo Penetration Testing mailing list archives

From: "Mehmet Murat Gunsay" <mgunsay () btkom com>
Date: Fri, 5 Oct 2001 16:39:46 +0300

For what it is worth, Nmap always retries ports that do not respond.
It only marks them "filtered" after multiple probes fail to elicit any
response.  If lost packets are detected (for example if Nmap receives
a response to the second probe but not the first one), then the number
of retries is increased dramatically.  Thus it is unlikely that an
open port will be mislabeled "filtered" because of a few dropped

To expand on this subject further, I'm running the following nmap command line

nmap -P0 -sS -p 80 xxx.xxx.xxx.xxx

and I know that the port is open.  However I'm getting the following result:

80/tcp     filtered    http
Nmap run completed -- 1 IP address (1 host up) scanned in 36 seconds

How should I analyze this result??? Any feedback appreciated.

Mehmet Murat Gunsay
mgunsay () btkom com     murat () gunsay com
PGP Key ID: 0xDDE611E1

This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]