The Nmap aka Network Mapper is an open source and a very versatile tool for Linux system/network administrators. Nmap is used for exploring networks, perform security scans, network audit and finding open ports on remote machine. It scans for Live hosts, Operating systems, packet filters and open ports running on remote hosts.
Understanding Open, Closed and Filtered
Nmap has a variety of scan types, understanding how the default and most common
SYN scan works is a good place to start to examine how the scan works and interpreting the results.
The 3 way TCP handshake
First a bit of background, during communication with a TCP service, a single connection is established with the TCP 3 way handshake. This involves a
SYN sent to an TCP open port that has a service bound to it, typical examples are HTTP (port 80), SMTP (port 25), POP3 (port 110) or SSH (port 22).