FAQ tcpwrapped

From SecWiki
Jump to: navigation, search

What does "tcpwrapped" mean?

tcpwrapped refers to tcpwrapper, a host-based network access control program on Unix and Linux. When Nmap labels something tcpwrapped, it means that the behavior of the port is consistent with one that is protected by tcpwrapper. Specifically, it means that a full TCP handshake was completed, but the remote host closed the connection without receiving any data.

It is important to note that tcpwrapper protects programs, not ports. This means that a valid (not false-positive) tcpwrapped response indicates a real network service is available, but you are not on the list of hosts allowed to talk with it. When a very large number of ports are shown as tcpwrapped, it is unlikely that they represent real services, so the behavior probably means something else like a load balancer or firewall is intercepting the connection requests.

This page originally appeared as an answer on Security.StackExchange.com and is reproduced here under the Creative Commons Share Alike license