During an external assessment you launch a TCP SYN scan with the command nmap -sS -p 21,22,80 203.0.113.10. The results show 21/tcp closed, 22/tcp filtered, and 80/tcp open. According to Nmap's port-state definitions, which situation best explains why only port 22 appears as filtered while the others are not?
The SSH daemon on port 22 actively rejects unsolicited SYN packets by returning a TCP RST, so Nmap flags the port as filtered.
A firewall is discarding packets to TCP port 22 without sending any response, preventing Nmap from learning whether the port is open or closed.
The target host was unreachable during the probe, so Nmap marked all unresponsive ports, including 22, as filtered until it saw an ICMP error.
Port 22 is listening but restricted to specific IP addresses; Nmap therefore lists it as filtered even though the service is open.
Nmap marks a port as filtered when it receives neither a TCP response nor an ICMP error, indicating that some device, typically a firewall or ACL, is silently discarding the probe packets. An open port would respond with a SYN/ACK, while a closed port would reply with a TCP RST. If the SSH service on port 22 were merely rejecting the connection, Nmap would see a RST and label the port closed. Likewise, if the host were unreachable, all ports would appear filtered or down. Therefore, the most likely explanation is that a firewall rule is dropping traffic specifically destined for TCP port 22, preventing Nmap from determining the port's true state.
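The reasoning above can be checked against Nmap's own XML report, which records a reason for each port state when the scan is run with --reason -oX. The following is an added example, not part of the original question: the XML is a constructed sample shaped like that report, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample shaped like `nmap -sS --reason -oX -` output for the scan above.
SAMPLE_XML = """<nmaprun>
  <host>
    <address addr="203.0.113.10" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="21"><state state="closed" reason="reset"/></port>
      <port protocol="tcp" portid="22"><state state="filtered" reason="no-response"/></port>
      <port protocol="tcp" portid="80"><state state="open" reason="syn-ack"/></port>
    </ports>
  </host>
</nmaprun>"""

# What each SYN-scan reason tells you, following the explanation above.
EVIDENCE = {
    "syn-ack": "target answered SYN/ACK: a service is listening",
    "reset": "target answered RST: host reachable, nothing listening",
    "no-response": "no reply at all: a filter is silently dropping the probe",
}

def port_reasons(xml_text):
    """Return [(addr, port, state, reason)] for every port in an Nmap XML report."""
    rows = []
    for host in ET.fromstring(xml_text).iter("host"):
        addr_el = host.find("address")
        addr = addr_el.get("addr") if addr_el is not None else "?"
        for port in host.iter("port"):
            st = port.find("state")
            if st is not None:
                rows.append((addr, int(port.get("portid")), st.get("state"), st.get("reason", "")))
    return rows

def selectively_filtered(rows):
    """Silent ports on hosts that answered other probes: a port-specific drop, not a dead host."""
    answered = {addr for addr, _, _, reason in rows if reason in ("syn-ack", "reset")}
    return [(addr, port) for addr, port, state, reason in rows
            if state == "filtered" and reason == "no-response" and addr in answered]

if __name__ == "__main__":
    rows = port_reasons(SAMPLE_XML)
    for addr, port, state, reason in rows:
        print(f"{addr}:{port}/tcp {state:<8} {EVIDENCE.get(reason, 'other reason: ' + reason)}")
    print("dropped by a port-specific rule:", selectively_filtered(rows))
```

Because ports 21 and 80 drew replies from the same address, the host is reachable, which rules out the unreachable-host option and leaves a rule dropping traffic to port 22.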
Certified Ethical Hacker (CEH)
Reconnaissance Techniques