Nmap Connect scan -sT on Windows does not detect closed ports

[dmiller-nmap]

Not sure if this is a fluke on my system or what, but nmap -sT or nmap --unprivileged is not seeing RST responses, so it keeps retransmitting and eventually marks the port as "filtered." This has the effect of making TCP Connect scans take a long time.

[Stefan-mcp]

nmap -sT -p- 10.0.2.5
Starting Nmap 7.80SVN ( https://nmap.org ) at 2020-03-04 22:43 GMT
Nmap scan report for 10.0.2.5
Host is up (0.00064s latency).
Not shown: 65505 closed ports
PORT STATE SERVICE
21/tcp open ftp
22/tcp open ssh
23/tcp open telnet
25/tcp open smtp
53/tcp open domain
80/tcp open http
111/tcp open rpcbind
139/tcp open netbios-ssn
445/tcp open microsoft-ds
512/tcp open exec
513/tcp open login
514/tcp open shell
1099/tcp open rmiregistry
1524/tcp open ingreslock
2049/tcp open nfs
2121/tcp open ccproxy-ftp
3306/tcp open mysql
3632/tcp open distccd
5432/tcp open postgresql
5900/tcp open vnc
6000/tcp open X11
6667/tcp open irc
6697/tcp open ircs-u
8009/tcp open ajp13
8180/tcp open unknown
8787/tcp open msgsrvr
33642/tcp open unknown
34725/tcp open unknown
48119/tcp open unknown
60987/tcp open unknown
MAC Address: 08:00:27:A9:C5:6B (Oracle VirtualBox virtual NIC)

Nmap done: 1 IP address (1 host up) scanned in 5.47 seconds

Hi Dmiller,
I built from git about 2hours ago and all seems ok on my kali vm

[Stefan-mcp]

Perhaps someone else could try with the current svn version to see if theres something system dependent or quirky lurking

[dmiller-nmap]

@Stefan-mcp Thanks for the info. This is specific to the Windows builds, though.

[fyodor]

Good catch. I can reproduce this. On my Linux box, "nmap -sT scanme.nmap.org" shoes "992 closed ports" plus 4 filtered (these are correct results) and takes less than 2 seconds. On a Windows VM running under that same system, it takes 51 seconds to run the same command and finds "996 closed ports". This is with Nmap 7.80 official Windows build.