NMAP is an open source tool for network exploration and security auditing. It was designed to rapidly scan large networks and single host. NMAP uses raw IP packets to determine

• Host available on the network
• Application names and versions those hosts are offering
• OS versions they are running
• Type of packet filters and firewalls are in use
• And more…

The output from NAMP is a list of scanned targets, with supplemental information on each depending on the options used. Among other information is the ports table. The table lists

• The port number and protocol
• Service name
• State

The state is

• Open: means that an application on the target machine is listening for connections, packets on the port.
• Filtered: means that a firewall, filter or other network obstacle is blocking the port so that NMAP cannot tell whether it is open or closed.
• Closed: means ports have no application listening on them, though they could open up at any time.
• Unfiltered: means they are responsive to NAMP’s probes, but NAMP cannot determine whether they are open or closed.

NMAP reports the state combinations open|filtered and closed|filtered when it cannot determine which of the two states describes a port.

The port table may include software version details when version detection has been requested.

When an IP protocol scab is requested (-sO), NAMP provides information on supported IP protocols rather than listening ports.

In addition to the ports table, NMAP can provide

• Reverse DNS names
• OS name and version
• Device types
• MAC addresses
• And more…