An Nmap scan will show the target machine's ports in one of three states:

• filtered: This means that the port is blocked by a firewall.
• open: This means that the port is not blocked by a firewall and that the service that's associated with that port is running.
• closed: This means that the port is not blocked by a firewall, and that the service that's associated with that port is not running.

So, in our scan of the Apple machine, we can see that the Secure Shell service is ready to accept connections on port 22, that the print service is ready to accept connections on ports 515 and 631, and that the Virtual Network Computing (VNC) service is ready to accept connections on port 5900. All of these ports would be of interest to a security-minded administrator. If Secure Shell is running, it would be interesting to know if it's configured securely. The fact that the print service is running means that this up to use the Internet Printing Protocol (IPP). It would be interesting to know why we're using IPP instead of just regular network printing, and it would also be interesting to know if there are any security concerns with this version of IPP. And of course, we already know that VNC isn't a secure protocol, so we would want to know why it's even running at all. We also saw that no ports are listed as filtered, so we would also want to know why there's no firewall on this machine.

One little secret that I'll finally reveal is that this machine is the same one that I used for the OpenVAS scan demos. So, we already have some of the needed information. The OpenVAS scan told us that Secure Shell on this machine uses weak encryption algorithms and that there's a security vulnerability with the print service. In just a bit, I'll show you how to get some of that information with Nmap.