Help answer threads with 0 replies.
Go Back > Forums > Linux Forums > Linux - Security
User Name
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.


  Search this Thread
Old 12-07-2009, 08:22 AM   #1
LQ Newbie
Registered: Dec 2009
Posts: 1

Rep: Reputation: 0
How does nmap determine a port is tcpwrapped?

I am scanning a system and nmap reports about 3/4 of the ports are tcpwrapped. Does anyone know how does nmap determines this? receiving no response to a SYN packet should indicate a firewall probably blocking, thus giving a "Filtered" response. Receiving a RST packet back should indicate a closed port, so what indicates a tcpwrapped port?
Old 12-07-2009, 08:34 AM   #2
Senior Member
Registered: Jun 2008
Distribution: debian, ubuntu, sidux
Posts: 1,125
Blog Entries: 2

Rep: Reputation: 124Reputation: 124
a tcpwrapped port will go through the full handshake before closing since the wrapper happens after a connect, whereas a closed port gets an immediate reset from the kernel
Old 12-07-2009, 01:06 PM   #3
Senior Member
Registered: Nov 2004
Location: Texas
Distribution: RHEL, Scientific Linux, Debian, Fedora
Posts: 3,935
Blog Entries: 5

Rep: Reputation: Disabled
@gsmith: the previous poster's explanation sounds reasonable.

I would also recommend that you observe the packets yourself with tcpdump(8) while performing a scan. Look at the packets for an open port and then compare those with the packets for a "tcpwrapped" port.


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
tcpwrapped? from nmap scan. deepsix Linux - Security 5 10-05-2010 05:55 PM
LXer: Learn how to use nmap, and nmap GUI, a great port scan tool LXer Syndicated Linux News 0 01-03-2008 09:10 AM
cant see port 25 and 80 after running nmap insenga Linux - Networking 9 05-31-2006 12:55 PM
How can I scan *every* port with nmap? davee Linux - Security 6 12-11-2003 04:44 PM
firewall.rc.config says :"open port 8080" but nmap says port is closed saavik Linux - Security 2 02-14-2002 12:16 PM > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 04:37 PM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration