Any port scanner launched from the LAN would give the same results.

I don't think I've stated anywhere that OSX's Port Scan is unique in this. So yes, other internally-based scanners will very likely give exactly the same result. (When I used it I wasn't to know this).

What I would take issue with is that, in Port Scan, OSX in no way warns against this. Indeed, it invites you to test any IP; you actually give it the precise IP to go away and test. So it is, in my view, Apple who are at fault. Port Scan should have recognised that I'd entered an Internet IP and warned that the result was not to be trusted. I can only hope that Apple's modified its workings and incorporated qualifiers in newer versions of OSX. I'm afraid that this has been a not untypical case of Apple simply having not provided enough information to the user.

In reply to a post by meditator:

What I would take issue with is that, in Port Scan, OSX in no way warns against this. Indeed, it invites you to test any IP; you actually give it the precise IP to go away and test. So it is, in my view, Apple who are at fault

This is the way it's supposed to work.

It's a tool which allows you to scan any IP address for open ports. It makes no distinction between local RFC 1918 and internet routed IP addresses, nor should it. It's just like other port scanners including nmap, Angry IP scanner and many others.

Bear in mind that your OS X device doesn't actually know what the external IP address of the router is so it can hardly flag up a warning when you ask to scan it. It only knows that its default gateway is the internal LAN address of the router.

Please don't blame the tools because you don't fully understand their use and the results they give.

Edited by caffn8me (Mon 20-Mar-17 13:59:08)