So, what I did was to download gufw, set a rule to allow inbound connections to a specific port or disabled the firewall and rebooted. After that, when I scanned with zenmap I could see that the port was still closed. But when I used nc -l -p port I could see that the port was open. The same thing happened on port 80 when the apache server was running for that machine. Then, I configured the firewall to deny all inbound traffic and rebooted.
I started the apache service and ran nc -l -p port and then scanned with zenmap and it said port 80 and the port chosen by nc were filtered. So, opening a port means making it available to the outside if an application is listening. If it isn't, it will show as "closed" on nmap scans. To sum up, if I want an application to be accessible to the outside, I have to bind it is that the word?
Is this correct? If you could add something to this I would appreciate it, I asked another question similar to this one but at the time I didn't know much about ports and firewalls, so if my conclusions are correct I can answer that question and hopefully that will be helpful to someone.

A port is just a concept for a connection between an application and a layer-4 protocol. There really isn't a "port" as such. When a layer-4 protocol has no application which has requested that layer-4 segments addressed to a particular port number, the port is Closed.
When an application has requested and been granted the use of a port number by a layer-4 protocol, the port is Open. Typing in the command "netstat -an" from a command prompt will list all the active IP addresses on a system, the remote IP address and the state of the address.
The Listening status indicates a port on your computer is waiting for the remote port to give some information. The Established status indicates a remote port is listening for your computer.
The location of resources on a network is indicated by a numeric IP address. If your log shows the address of 0. If the IP address is So if the IP address For example, one piece of hardware may be listening for another piece of hardware to signal that it is done with a task. For those who do not know, TCPView by Sysinternals is a program that shows all listening and established sockets, or connections, on your computer in real time.
It will also tell you what programs are using these particular connections, and who they may be connected to. Being able to see this is extremely important when doing Computer Forensics as you can see what ports are open and what programs are using them allowing you to easily pinpoint where a backdoor on the system may be present.
Now back to the question: When a program is running on a computer that uses TCP and waits for another computer to connect to it, it is said to be "listening" for connections. The program attaches itself to a port on your computer and waits for a connection. When it does this it is what is known as being in a listening state. When a remote computer connects to that particular port and "establishes" a connection, that particular session is known as an established session because the two computers are now connected to each other.
To sum it up, a listening port is one that is waiting for a connection. An established port is one that is connected to a remote computer.
You should pay more attention to the program names that are listening on the Internet rather than the ports sometimes. This is common as svchost. Hope this clears up some of your questions. Edited by quietman7, 30 November - PM.
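The port states discussed in the posts above (closed, open/listening, established), reproduced on the loopback interface as an added example that is not part of the original posts; `probe`, `demo` and the timeout values are illustrative choices. The filtered case needs a firewall that drops packets, so it is classified here but not exercised.

```python
import socket

LOOPBACK = "127.0.0.1"  # constructed test target: this machine only


def probe(host, port, timeout=1.0):
    """Classify a TCP port from the outcome of one connection attempt."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"      # handshake completed: an application is listening
    except ConnectionRefusedError:
        return "closed"    # host replied with a reset: nothing is listening
    except socket.timeout:
        return "filtered"  # no reply at all, e.g. a firewall dropping packets
    finally:
        s.close()


def demo():
    results = {}
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.settimeout(2.0)              # never block forever in accept()
    srv.bind((LOOPBACK, 0))          # port 0: the OS picks a free port
    port = srv.getsockname()[1]
    # Bound but not yet listening: the port is still closed
    # (behaviour on Linux; assumed to match on other systems).
    results["bound_only"] = probe(LOOPBACK, port)
    srv.listen(5)
    results["listening"] = probe(LOOPBACK, port)
    srv.accept()[0].close()          # discard the probe's own connection
    # A client that stays connected produces an established session.
    client = socket.create_connection((LOOPBACK, port), timeout=2.0)
    conn, peer = srv.accept()
    results["established"] = peer == client.getsockname()
    for sock in (conn, client, srv):
        sock.close()
    return results


if __name__ == "__main__":
    print(demo())
```

While the client is connected, `netstat -an` on the same machine lists the server socket as listening and the accepted connection as established.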