Applied Network Security

The reason switch

Note that, in the output from the UDP scan, some ports are reported as open|filtered. This indicates that Nmap cannot determine whether the port is open or is filtered by a device such as a firewall. Unlike closed TCP ports, which respond with a RST packet, closed UDP ports respond with an ICMP packet. This can make UDP scans far less reliable, as the ICMP response is often blocked or dropped by intermediate devices (firewalls or routers).

Nmap has a switch that reports why it placed each port in a particular state. For instance, we can run the same UDP scan as before with the --reason switch; Nmap will return the same results, but this time it will also give the reason it determined each port's state. Type nmap -sU --reason 192.168.10.70:

Note that, in the preceding screenshot, I have highlighted the REASON why Nmap has found that port 123 is either open or filtered. Nmap tells us that it received no response, so it doesn't know if that port is open or filtered:
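
As an added illustration (not from the book), this Python sketch parses the port table printed by nmap -sU --reason and separates states backed by a received packet from states inferred from silence. The sample output is constructed, and the function names are hypothetical.

```python
import re

# Constructed sample of an `nmap -sU --reason` port table (not real scan output).
SAMPLE = """\
PORT    STATE         SERVICE    REASON
53/udp  open          domain     udp-response ttl 64
123/udp open|filtered ntp        no-response
137/udp open          netbios-ns udp-response ttl 64
161/udp closed        snmp       port-unreach ttl 64
"""

# port/proto, state, service, first word of the REASON column
ROW = re.compile(r"^(\d+)/(udp|tcp)\s+(\S+)\s+(\S+)\s+(\S+)")

# What each REASON value tells us about the evidence behind a UDP state.
EVIDENCE = {
    "udp-response": "confirmed: a UDP reply came back from the port",
    "port-unreach": "confirmed: an ICMP port-unreachable came back",
    "no-response": "ambiguous: nothing came back (open, or dropped in transit)",
}


def parse_ports(text):
    """Return one dict per port row of an Nmap --reason table."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            port, proto, state, service, reason = m.groups()
            rows.append({"port": int(port), "proto": proto, "state": state,
                         "service": service, "reason": reason})
    return rows


def ambiguous_ports(rows):
    """Ports whose state rests on silence rather than on a received packet."""
    return [r["port"] for r in rows if r["reason"] == "no-response"]


def explain(row):
    """One-line summary tying the reported state to its evidence."""
    note = EVIDENCE.get(row["reason"], "other reason: check the Nmap documentation")
    return f'{row["port"]}/{row["proto"]} {row["state"]}: {note}'


if __name__ == "__main__":
    table = parse_ports(SAMPLE)
    for row in table:
        print(explain(row))
    print("needs follow-up:", ambiguous_ports(table))
```
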