On 2020-02-16 04:19, Patrick Dupre wrote:
Hello,
On a server nmap -v -n -Pn -p5900-5910 localhost provides:
Starting Nmap 7.70 ( https://nmap.org ) at 2020-02-15 15:07 EST Initiating SYN Stealth Scan at 15:07 Scanning localhost (127.0.0.1) [11 ports] Completed SYN Stealth Scan at 15:07, 0.42s elapsed (11 total ports) Nmap scan report for localhost (127.0.0.1) Host is up (0.000015s latency). Other addresses for localhost (not scanned): ::1
PORT STATE SERVICE 5900/tcp closed vnc 5901/tcp closed vnc-1 5902/tcp closed vnc-2 5903/tcp closed vnc-3 5904/tcp closed unknown 5905/tcp closed unknown 5906/tcp closed unknown 5907/tcp closed unknown 5908/tcp closed unknown 5909/tcp closed unknown 5910/tcp closed cm
Oh, BTW, that nmap command is operating on the localhost and won't be a good indication of a port's status to the outside world.
Example, using the host f31k.
If I am connected to f31k and issue the command I get
PORT STATE SERVICE 5900/tcp closed vnc 5901/tcp closed vnc-1 5902/tcp closed vnc-2 5903/tcp closed vnc-3 5904/tcp closed unknown 5905/tcp closed unknown 5906/tcp closed unknown 5907/tcp closed unknown 5908/tcp closed unknown 5909/tcp closed unknown 5910/tcp closed cm
Which ONLY means no service is running and listening on those ports.
Running from a remote host I get
PORT STATE SERVICE 5900/tcp filtered vnc 5901/tcp filtered vnc-1 5902/tcp filtered vnc-2 5903/tcp filtered vnc-3 5904/tcp filtered unknown 5905/tcp filtered unknown 5906/tcp filtered unknown 5907/tcp filtered unknown 5908/tcp filtered unknown 5909/tcp filtered unknown 5910/tcp filtered cm
And "filtered" means there is a firewall rule in effect.
If you were to open the port, the remote system will report "closed" if there is no service running on the port.