LinuxQuestions.org
View the Most Wanted LQ Wiki articles.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 12-07-2009, 08:22 AM   #1
gsmith411
LQ Newbie
 
Registered: Dec 2009
Posts: 1

Rep: Reputation: 0
How does nmap determine a port is tcpwrapped?


I am scanning a system and nmap reports about 3/4 of the ports are tcpwrapped. Does anyone know how does nmap determines this? receiving no response to a SYN packet should indicate a firewall probably blocking, thus giving a "Filtered" response. Receiving a RST packet back should indicate a closed port, so what indicates a tcpwrapped port?
 
Old 12-07-2009, 08:34 AM   #2
estabroo
Senior Member
 
Registered: Jun 2008
Distribution: debian, ubuntu, sidux
Posts: 1,094
Blog Entries: 2

Rep: Reputation: 111Reputation: 111
a tcpwrapped port will go through the full handshake before closing since the wrapper happens after a connect, whereas a closed port gets an immediate reset from the kernel
 
Old 12-07-2009, 01:06 PM   #3
anomie
Senior Member
 
Registered: Nov 2004
Location: Texas
Distribution: RHEL, Scientific Linux, Debian, Fedora, Lubuntu, FreeBSD
Posts: 3,930
Blog Entries: 5

Rep: Reputation: Disabled
@gsmith: the previous poster's explanation sounds reasonable.

I would also recommend that you observe the packets yourself with tcpdump(8) while performing a scan. Look at the packets for an open port and then compare those with the packets for a "tcpwrapped" port.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
tcpwrapped? from nmap scan. deepsix Linux - Security 5 10-05-2010 05:55 PM
LXer: Learn how to use nmap, and nmap GUI, a great port scan tool LXer Syndicated Linux News 0 01-03-2008 09:10 AM
cant see port 25 and 80 after running nmap insenga Linux - Networking 9 05-31-2006 12:55 PM
How can I scan *every* port with nmap? davee Linux - Security 6 12-11-2003 04:44 PM
firewall.rc.config says :"open port 8080" but nmap says port is closed saavik Linux - Security 2 02-14-2002 12:16 PM


All times are GMT -5. The time now is 01:43 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration