I am learning to use Nmap. I set up pidgin which uses port 5222(xmpp) for chatting. But when I scan my ports, port 5222 is shown as closed. But chat is working. How is this possible?
Asked
Active
Viewed 640 times
-1
-
This question would be more suitable for the Information Security stackexchange. So that people know what is going on, you should include the output of netstat so we can see what ports actually are open, and say what nmap parameters you are using. – Colin Phipps May 16 '15 at 08:46
1 Answers
0
Before you can meaningfully use a program like Nmap, you need to understand more about how basic network protocols work. In this case, XMPP uses TCP to communicate. Your chat program is a TCP client, so it does not listen on any ports, but instead connects to a server which is listening on TCP port 5222. You can see this connection by using the program netstat, which is included in most operating systems. On Windows: netstat -an | findstr "5222". On Linux: netstat -an | grep 5222.
You should see two columns that contain IP addresses and port numbers. The address of the chat server will be listed with the number 5222, because that is the port that the server is using. The address of your computer will be listed with a high-numbered port like 35791. The server has to use a known port in order for you to contact it, but the source port your computer uses is included in the TCP packets like a "return address" on an envelope.
Nmap (like other port scanners) looks for services on listening ports. It would be able to discover a chat server, but not the chat client. Similarly, it could find a web server, but couldn't look for a web browser because the browser is a client that makes outgoing connections, not a service that listens for incoming connections.
bonsaiviking
- 5,825
- 1
- 20
- 35