Understanding the reason flag

Since we've already covered basic networking—including the TCP three-way handshake—in Chapter 2, Network Fundamentals, you already know what it means for a port to be open, and how that can usually be determined. However, in certain edge cases (and especially for the filtered ports), understanding Nmap's logic behind open, closed, and filtered ports can be extremely useful to understand.

You can determine how Nmap reaches its conclusions by using the --reason flag.

Understanding the reason flag

As demonstrated in the preceding screenshot, a fourth column is now added to the scan after the --reason flag is invoked. In this case, we can clearly see ...

Get Nmap Essentials now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.