How Do You Troubleshoot a False “State” Value in nmap Results?

For troubleshooting networking issues with a Linux/Unix server, the nmap utility is extremely useful.  For Windows with PowerShell version 3, there is a script can help you almost as much as nmap; see this posting if you are interested.  For newer versions of PowerShell, use the Test-NetConnection command.  

Problem scenario
You use nmap to test a port on an IP address.  The results show the "State" as closed, but you know there are packets flowing through the IP address on this port.  How do you troubleshoot nmap with its "State" result is discrepant with other diagnostics?

If the IP address belongs to a server that has a VPN connection, there could be an apparent false result from nmap.  Some VPN tunnels are known to make the nmap results show the state of the IP address for a given port as closed.  This is tantamount to nmap reporting that there is no intermediate blockage to the remote server over the given port and that no packets are flowing through this socket.

Other VPNs on remote servers make the nmap show the state as "filtered" as the port you are testing is blocked by the VPN tunnel.  If you know there are TCP/IP packets from the IP address on the given port and you want nmap to accurately report this, use a VPN tunnel configured in such a way that the nmap command will report the "state" correctly.  Alternatively see if the VPN tunnel can be turned off for your nmap testing needs.

Leave a comment

Your email address will not be published. Required fields are marked *