# Nmap Port States

Where many port scanners categorize ports as either open or closed, Nmap categorizes them into **six states**, giving a more granular picture of each port.

{% hint style="info" %}
These states are not inherent properties of the ports; they are how Nmap perceives them.
{% endhint %}

**The six port states**

1. **open** - Finding these ports is the **primary goal**. These are the ports where applications are actively **accepting TCP, UDP or SCTP connections.**\
   **Each open port can be a route for an attack**.\
   These open ports are what attackers and pentesters are looking for. They also show us which services are available and running.
2. **closed** - These ports are **accessible**: they receive and respond to Nmap packets. However, there is **no application listening** on them. They are useful in multiple ways: 1) host discovery, 2) ping scanning, and 3) OS detection. Although reachable, such ports are usually **blocked by a firewall**, which puts them in the **filtered state** instead.
3. **filtered** - Here Nmap cannot determine whether the port is open or not because packet filtering prevents the Nmap probe from reaching the port.\
   This filtering could come from a firewall device, router rules or host-based firewall software. Filtered ports provide very little information. They sometimes respond with ICMP error messages, for instance "destination unreachable: communication administratively prohibited". Such situations can slow down Nmap scans drastically, because the filtering makes Nmap retry several times in case the probe was dropped due to network congestion.
4. **unfiltered** - In this state the port is accessible. However, Nmap is unable to determine whether it is open or closed. Only the ACK scan, which is used to map the firewall ruleset, classifies ports into this state.\
   Scanning unfiltered ports with other types such as Window scan, SYN scan, or FIN scan, may help resolve whether the port is open.
5. **open | filtered** - Nmap cannot figure out whether the port is open or filtered. Here the open ports give no response. The UDP, IP protocol, FIN, NULL, and Xmas scans classify ports this way.
6. **closed | filtered** - Nmap is not able to determine whether the port is closed or filtered. It is only used for the IP ID idle scan.
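
The six states appear verbatim in Nmap's XML output (`-oX`), so scan results can be triaged by state. The Python script below is an added example, not part of the original page or of Nmap itself: it groups ports by state and lists those Nmap left undecided. The sample XML, the host address and all function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed sample in Nmap XML (-oX) form, not real scan data. It mixes
# states that real output would only show across different scan types.
SAMPLE_XML = """<nmaprun>
 <host>
  <address addr="192.0.2.10" addrtype="ipv4"/>
  <ports>
   <extraports state="filtered" count="994"/>
   <port protocol="tcp" portid="22"><state state="open" reason="syn-ack"/></port>
   <port protocol="tcp" portid="23"><state state="closed" reason="reset"/></port>
   <port protocol="tcp" portid="25"><state state="filtered" reason="admin-prohibited"/></port>
   <port protocol="tcp" portid="80"><state state="unfiltered" reason="reset"/></port>
   <port protocol="udp" portid="161"><state state="open|filtered" reason="no-response"/></port>
   <port protocol="tcp" portid="443"><state state="closed|filtered" reason="no-ipid-change"/></port>
  </ports>
 </host>
</nmaprun>"""

# States in which Nmap could not settle on a single answer (items 4-6 above).
UNDECIDED = {"unfiltered", "open|filtered", "closed|filtered"}

def ports_by_state(xml_text):
    """Return {host: {state: [(protocol, port, reason), ...]}}."""
    report = {}
    for host in ET.fromstring(xml_text).iter("host"):
        states = defaultdict(list)
        for port in host.iter("port"):
            st = port.find("state")
            states[st.get("state")].append(
                (port.get("protocol"), int(port.get("portid")), st.get("reason")))
        report[host.find("address").get("addr")] = dict(states)
    return report

def collapsed_counts(xml_text):
    """Ports Nmap did not list one by one: {state: count} from <extraports>."""
    counts = defaultdict(int)
    for extra in ET.fromstring(xml_text).iter("extraports"):
        counts[extra.get("state")] += int(extra.get("count"))
    return dict(counts)

def needs_followup(report):
    """(host, protocol, port, state) for every port left in an undecided state."""
    return sorted((host, proto, port, state)
                  for host, states in report.items()
                  for state, ports in states.items() if state in UNDECIDED
                  for proto, port, _ in ports)

if __name__ == "__main__":
    report = ports_by_state(SAMPLE_XML)
    print(report, collapsed_counts(SAMPLE_XML), needs_followup(report), sep="\n")
```

The standard-library parser is adequate for XML produced by your own scanner; for XML received from an untrusted source, a hardened parser such as `defusedxml` is the safer choice.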


