$ nmap 192.168.225.22
Starting Nmap 7.92 ( https://nmap.org ) at 2021-08-21 19:40 IST
Nmap scan report for home (192.168.225.22)
Host is up (0.00010s latency).
All 1000 scanned ports on home (192.168.225.22) are in ignored states.
Not shown: 1000 closed tcp ports (conn-refused)
Nmap done: 1 IP address (1 host up) scanned in 0.07 seconds
Q1) What exactly is the meaning of “are in ignored states” ?
Q2) Its says 1000 closed ports but also adds “conn-refused”.
What does nmap mean by conn-refused ?
I have used used nmap for a long time but never seen “are in ignored states” & “conn-refused”.
I tried to search the internet using those 2 terms but couldn’t find anything useful.
When an application tries to connect to a host and port using TCP, the application listening on that port answers that connect. However, when there is no application listening on a port that receives a connection attempt, TCP states that there should be an ICMP response that states that nothing is listening on that combination of host and port. That response informs the connecting application that there either was an error with the target (host or port), or that the application that should pick up that connection is not started.
I cannot say lots to the “ignored states” status, however, I would read that as “nmap should not list those”, contrary to listing all ports where a connection was successfully established. You can probably read more in the manual for nmap (which is, admittedly, rather large).
I guess the nmap devs must have added new features to nmap. Since these are new features users who are using the latest version are able see these additions. Since Arch is bleeding edge it has the latest nmap in the repos.
This is only a guess based on the fact that there isn’t much info on the web about these results. I am not sure about this.