April 2017
Intermediate to advanced
350 pages
8h 35m
English
Content preview from Applied Network Security
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
Start your free trial
The reason switch
Note that, in the output from the UDP scan, some ports are reported as open/filtered. This indicates that Nmap cannot determine whether the port is open or is filtered by a device such as a firewall. Unlike TCP ports that respond with a RST packet when they are closed, UDP ports respond with an ICMP packet when they are closed. This can make scans far less reliable, as often the ICMP response is blocked or dropped by intermediate devices (firewalls or routers).
Nmap has a switch that will return the reason why it has placed a particular port in a particular state. For instance, we can run the same UDP scan as before with the --reason switch and Nmap will return the same results, but this time it will give us the reason it ...