View All Products
Compute
Storage
Networking
Databases
Services
Developer Tools
Industries
Pricing
Community
Engage With Us
Community Questions How do I understand the results of an nmap scan?
Log in to Ask a Question

How do I understand the results of an nmap scan?

firewall network nmap
Linode Staff

I ran an nmap scan and I'm a bit confused. What do these results mean?

1 Reply

Linode Staff

Nmap, or Network Mapper, is a way to identify which services are running on a network, along with various other characteristics. For example, Linode Support uses nmap to identify whether services are listening, not running, or blocked by a firewall. You can also use arguments and options to specify ports and targets, but the basic output of nmap <ipAddress> will look something like this:

Not shown: 987 filtered ports
PORT     STATE  SERVICE
22/tcp   open   ssh
25/tcp   open   smtp
80/tcp   open   http
110/tcp  closed pop3
143/tcp  closed imap
443/tcp  open   https
465/tcp  open   smtps
587/tcp  open   submission
993/tcp  closed imaps
995/tcp  closed pop3s
8000/tcp closed http-alt
8080/tcp closed http-proxy
8888/tcp closed sun-answerbook

In the output above, you can see a few datapoints. 987 ports on this server are filtered, and the unfiltered services are shown in the rest of the columns.

States

Usually, you'll see either open, filtered, or closed. An open state means that there is a service listening on that port, and it is not blocked by a firewall. That service is accessible via its specified port. Filtered means that there is a network issue, firewall, or filter blocking connections to that port. Nmap cannot tell if a filtered port is open or closed due to the obstacle in place. If a port is filtered and shouldn't be, you'll need to allow access to it via firewall. Closed means that there is no firewall or filter in place, but there is no service listening for connections on that port. This can indicate that the service in question is not running, so you'll need to start the service on your Linode.

Services

The items listed under service show what the port is being used for. For example, you can see that port 22 is in use by SSH, ports 80 and 443 are in use by a web server (HTTP and HTTPS), and ports 25/465/587 are in use by a mail server (smtp, smtps, and submission). These service names will likely not reflect their application (i.e. the service will list HTTP/HTTPS rather than Apache or Nginx).

More information about interpreting nmap results, along with other command line options you can use to further specify your results, can be found here.

Reply

Please enter an answer
Tips:

You can mention users to notify them: @username

You can use Markdown to format your question. For more examples see the Markdown Cheatsheet.

> I’m a blockquote.

I’m a blockquote.

[I'm a link] (https://www.google.com)

I'm a link

**I am bold** I am bold

*I am italicized* I am italicized

Log in to Reply
Community Code of Conduct