Difference between Filtered vs Closed Ports

During nmap scans we found several times responses that say port closed and port filtered.

Example:

PORT      STATE    SERVICE
22/tcp    open     ssh
443/tcp   open     https
1024/tcp  filtered kdm
1084/tcp  filtered ansoft-lm-2
1863/tcp  filtered msnp
3128/tcp  open     squid-http
3333/tcp  filtered dec-notes
4900/tcp  filtered hfcs
9943/tcp  filtered unknown
30000/tcp open     unknown
38292/tcp filtered landesk-cba
40911/tcp filtered unknown
52673/tcp filtered unknown

If you get a response closed it means that the scanner is receiving a TCP reset packet.

If you do not get any response it means that the port is not available and thus changing the scan time that is required to fulfill the scan as the scanner needs to do more tests to make sure that there is no service available in the scanned port.

The best way to remove this information from your scan results is to use the option –open in the nmap. If we use it we will only get the results for open ports.

 

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.