PAM Port Scan Status meaning

book

Article ID: 130082

calendar_today

Updated On:

Products

CA Privileged Access Manager - Cloakware Password Authority (PA) PAM SAFENET LUNA HSM CA Privileged Access Manager (PAM)

Issue/Introduction



In "PAM - Configuration - Tools - Networking Tools - Port Scan" you can scan a specific IP and Port to see if the port is open (source being the PAM and destination being the IP entered).
There are several "Status" values and what are they?

Environment

Release:
Component: CAPAMX

Resolution

PAM is not directly checking the destination IP and Port.
In fact, it is executing nmap command locally to check the requested IP and Port and displaying the result.

In the following example, you are trying to see if the destination(172.17.8.1) and port (TCP 80) is open or not.
Port Scan Result shows the port is open.

<Please see attached file for image>

port scan 80
This is equivalent to running the nmap command below.
nmap -p 80 172.17.8.1

<Please see attached file for image>

nmap open

There are several status such as "open", "filtered" and "closed".
What does these status mean?

The status is a result from nmap trying tcp handshake against the destination IP and TCP Port.
OPEN: nmap sent SYN. Destination returned ACK. (It would actually be "SYN/ACK" but I am just trying to explain that destination responded)
CLOSED: nmap sent SYN. Destination reutrned RST.
FILTERED: nmap sent SYN. Destination did not return anything or received icmp error.

OPEN and CLOSE is clear.
CLOSED means the destination, either the OS or whoever is responding, is reporting that there is no service running/listening on this port.

<Please see attached file for image>

port scan closed
This is equivalent to running the nmap command below.
nmap -p 8443 172.17.8.1

<Please see attached file for image>

nmap closed

FILTERED can be due to several reasons such as the firewall dropping the request with no response or the destination was not reachable.

Sample below shows filtered status due to firewall.

<Please see attached file for image>

port scan filtered firewall
This is equivalent to running the nmap command below.
nmap -p 80 172.17.8.1

<Please see attached file for image>

nmap filtered firewall


Following sample shows filtered status due to destination not being reachable.

<Please see attached file for image>

port scan not reachable
This is equivalent to running the nmap command below.
nmap -p 80 192.168.0.1

<Please see attached file for image>

nmap filtered

It can also be due to firewall that is only allowing one way traffic.

Regardless of what the reason is, if the STATE is not "OPEN" then customer will need to work with their network team to find out why.

 

Attachments

1558688206517000130082_sktwi1f5rjvs16fk0.png get_app
1558688204600000130082_sktwi1f5rjvs16fjz.png get_app
1558688202588000130082_sktwi1f5rjvs16fjy.png get_app
1558688200916000130082_sktwi1f5rjvs16fjx.png get_app
1558688198951000130082_sktwi1f5rjvs16fjw.png get_app
1558688197205000130082_sktwi1f5rjvs16fjv.png get_app
1558688195309000130082_sktwi1f5rjvs16fju.png get_app
1558688192331000130082_sktwi1f5rjvs16fjt.png get_app