Linux – nmap shows opened port but netstat doesn’t

linux, port, security

If I scan my server with nmap, it shows that port 21 is open. But when I log in to this server and run netstat, I see nothing.

$ nmap -sT server

Starting Nmap 4.76 ( http://nmap.org ) at 2009-06-24 11:54 MSD
Interesting ports on server (x.x.x.x):
Not shown: 994 filtered ports
PORT     STATE  SERVICE
21/tcp   open   ftp
22/tcp   open   ssh
...

Nmap done: 1 IP address (1 host up) scanned in 7.97 seconds
$ netstat --listen --tcp --numeric

How can it be? Can it be a security issue?

UPD: tcpdump output while connecting with nmap

13:13:02.982805 IP 10.19.10.2.51983 > server.ftp: S 767068541:767068541(0) win 5840 
13:13:04.096705 IP 10.19.10.2.52000 > server.ftp: S 792080356:792080356(0) win 5840 
13:13:04.131169 IP server.ftp > 10.19.10.2.52000: S 3312178661:3312178661(0) ack 792080357 win 32768 
13:13:04.131346 IP 10.19.10.2.52000 > server.ftp: . ack 1 win 46 
13:13:04.131737 IP 10.19.10.2.52000 > server.ftp: R 1:1(0) ack 1 win 46 

Best Answer

Are you on the same segment as the server in question? Portscanning via routers can give bogus results.
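
An added example (not part of the original question or answer): a check that compares the ports nmap reports as open with the sockets actually in LISTEN state in `/proc/net/tcp`, the kernel table that netstat reads. The sample inputs are constructed and the function names are hypothetical.

```python
import re

# Constructed sample scan output (not taken from the original post).
NMAP_OUTPUT = """\
PORT     STATE  SERVICE
21/tcp   open   ftp
22/tcp   open   ssh
25/tcp   closed smtp
"""

# Constructed /proc/net/tcp rows, trimmed after the inode column.
# Row 0: 0.0.0.0:22 in LISTEN (0A). Row 1: an established SSH session (01).
PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 12345
   1: 050A130A:0016 020A130A:CB0F 01 00000000:00000000 02:000A0F2C 00000000     0        0 12400
"""

TCP_LISTEN = "0A"  # kernel TCP state code for LISTEN


def nmap_open_ports(text):
    """Return the set of TCP ports nmap reported as 'open'."""
    return {int(m.group(1))
            for m in re.finditer(r"^(\d+)/tcp\s+open\b", text, re.MULTILINE)}


def local_listeners(proc_net_tcp):
    """Return the set of TCP ports in LISTEN state from /proc/net/tcp text."""
    ports = set()
    for line in proc_net_tcp.splitlines()[1:]:      # skip the header row
        fields = line.split()
        if len(fields) > 3 and fields[3] == TCP_LISTEN:
            # local_address is HEXADDR:HEXPORT; the port is after the last ':'
            ports.add(int(fields[1].rsplit(":", 1)[1], 16))
    return ports


def unexplained_ports(nmap_text, *proc_tables):
    """Ports seen open from outside with no local listener in any table."""
    listening = set()
    for table in proc_tables:
        listening |= local_listeners(table)
    return sorted(nmap_open_ports(nmap_text) - listening)


if __name__ == "__main__":
    # On a real host, pass the contents of /proc/net/tcp and /proc/net/tcp6.
    print(unexplained_ports(NMAP_OUTPUT, PROC_NET_TCP))
```

A port left in the result answered the scan but has no listening socket on the host, which is the situation in the question and is consistent with something in the path answering for the server, as the answer suggests.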