A lot of people seem to ask this question, as there are a bunch of posts about it; however I feel like none truly answer the question (that I have found).
I want to understand why NMAPNmap decides to tell me that a specific port is "FILTERED""filtered" when there are technically over 60,000 "filtered" ports.
For the sake of this example...
My host (192.168.1.100) is listening on ports TCP 80, 443 and 3389
My firewall only permits TCP 80, 443, 135 and 445 (not 3389)
192.168.1.100 80 open 192.168.1.100 135 closed 192.168.1.100 443 open 192.168.1.100 445 closed 192.168.1.100 3389 filteredSince my host is not listening on TCP 135 and 445, it responds with a TCP RSTRST, and thus it is "closed"
Since my firewall is not permitting TCP 3389, it is technically filtered
However, this is what I dontdon't get.: TCP ports 21, 22, 23, 24, 25, 26, etc are ALL filtered by the firewall (ie, not permitted), but NMAPNmap only tells me this particular port (3389) is being filtered.
Why?! Should it not be a gigantic list like this:
192.168.1.100 1 filtered
192.168.1.100 2 filtered
192.168.1.100 3 filtered
192.168.1.100 4 filtered
192.168.1.100 5 filtered
... ... ...
192.168.1.100 76 filtered
192.168.1.100 77 filtered
192.168.1.100 78 filtered
192.168.1.100 79 filtered
192.168.1.100 80 open
... ... ...
192.168.1.100 131 filtered
192.168.1.100 132 filtered
192.168.1.100 133 filtered
192.168.1.100 134 filtered
192.168.1.100 135 closed
etc...
