Why would ping succeed but nmap fail?
Why does Nmap report "Host seems down" when a simple ping succeeds?
me@computer:~$ ping 123.45.67.89
PING 123.45.67.89 (123.45.67.89) 56(84) bytes of data.
64 bytes from 123.45.67.89: icmp_req=1 ttl=45 time=91.1 ms
64 bytes from 123.45.67.89: icmp_req=2 ttl=45 time=102 ms
64 bytes from 123.45.67.89: icmp_req=3 ttl=45 time=100 ms
^C
--- 123.45.67.894 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2002ms
rtt min/avg/max/mdev = 91.136/98.182/102.417/5.022 ms
me@computer:~$ nmap 123.45.67.89
Starting Nmap 5.21 ( http://nmap.org ) at 2014-04-02 14:23 EDT
Note: Host seems down. If it is really up, but blocking our ping probes, try -PN
Nmap done: 1 IP address (0 hosts up) scanned in 3.04 seconds
Are Nmap's "ping probes" different from the command line ping?
nmap
asked Apr 2 '14 at 18:32
AShellyAShelly
2191515
migrated from security.stackexchange.com Apr 3 '14 at 19:23
This question came from our site for information security professionals.
add a comment |
Why does Nmap report "Host seems down" when a simple ping succeeds?
me@computer:~$ ping 123.45.67.89
PING 123.45.67.89 (123.45.67.89) 56(84) bytes of data.
64 bytes from 123.45.67.89: icmp_req=1 ttl=45 time=91.1 ms
64 bytes from 123.45.67.89: icmp_req=2 ttl=45 time=102 ms
64 bytes from 123.45.67.89: icmp_req=3 ttl=45 time=100 ms
^C
--- 123.45.67.894 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2002ms
rtt min/avg/max/mdev = 91.136/98.182/102.417/5.022 ms
me@computer:~$ nmap 123.45.67.89
Starting Nmap 5.21 ( http://nmap.org ) at 2014-04-02 14:23 EDT
Note: Host seems down. If it is really up, but blocking our ping probes, try -PN
Nmap done: 1 IP address (0 hosts up) scanned in 3.04 seconds
Are Nmap's "ping probes" different from the command line ping?
nmap
asked Apr 2 '14 at 18:32
AShellyAShelly
2191515
migrated from security.stackexchange.com Apr 3 '14 at 19:23
This question came from our site for information security professionals.
Might I suggest you upgrade your installation of Nmap? The current version is 6.40. Version 5.21 is 4 years old and is missing 361 NSE scripts and thousands of service and OS fingerprints.
– bonsaiviking
Apr 2 '14 at 19:24
Thanks. 5.21 is the version I apt-got by default. I guess I'll go download and build the latest.
– AShelly
Apr 2 '14 at 19:41
Yeah, Ubuntu is woefully behind on Nmap. You could check the dependencies on the .deb from Kali, which is current.
– bonsaiviking
Apr 2 '14 at 19:57
add a comment |
Why does Nmap report "Host seems down" when a simple ping succeeds?
me@computer:~$ ping 123.45.67.89
PING 123.45.67.89 (123.45.67.89) 56(84) bytes of data.
64 bytes from 123.45.67.89: icmp_req=1 ttl=45 time=91.1 ms
64 bytes from 123.45.67.89: icmp_req=2 ttl=45 time=102 ms
64 bytes from 123.45.67.89: icmp_req=3 ttl=45 time=100 ms
^C
--- 123.45.67.894 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2002ms
rtt min/avg/max/mdev = 91.136/98.182/102.417/5.022 ms
me@computer:~$ nmap 123.45.67.89
Starting Nmap 5.21 ( http://nmap.org ) at 2014-04-02 14:23 EDT
Note: Host seems down. If it is really up, but blocking our ping probes, try -PN
Nmap done: 1 IP address (0 hosts up) scanned in 3.04 seconds
Are Nmap's "ping probes" different from the command line ping?
nmap
asked Apr 2 '14 at 18:32
AShellyAShelly
2191515
Why does Nmap report "Host seems down" when a simple ping succeeds?
me@computer:~$ ping 123.45.67.89
PING 123.45.67.89 (123.45.67.89) 56(84) bytes of data.
64 bytes from 123.45.67.89: icmp_req=1 ttl=45 time=91.1 ms
64 bytes from 123.45.67.89: icmp_req=2 ttl=45 time=102 ms
64 bytes from 123.45.67.89: icmp_req=3 ttl=45 time=100 ms
^C
--- 123.45.67.894 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2002ms
rtt min/avg/max/mdev = 91.136/98.182/102.417/5.022 ms
me@computer:~$ nmap 123.45.67.89
Starting Nmap 5.21 ( http://nmap.org ) at 2014-04-02 14:23 EDT
Note: Host seems down. If it is really up, but blocking our ping probes, try -PN
Nmap done: 1 IP address (0 hosts up) scanned in 3.04 seconds
Are Nmap's "ping probes" different from the command line ping?
nmap
nmap
asked Apr 2 '14 at 18:32
AShellyAShelly
2191515
asked Apr 2 '14 at 18:32
AShellyAShelly
2191515
asked Apr 2 '14 at 18:32
AShellyAShelly
2191515
asked Apr 2 '14 at 18:32
AShellyAShelly
2191515
asked Apr 2 '14 at 18:32
AShellyAShelly
2191515
2191515
migrated from security.stackexchange.com Apr 3 '14 at 19:23
This question came from our site for information security professionals.
migrated from security.stackexchange.com Apr 3 '14 at 19:23
This question came from our site for information security professionals.
Might I suggest you upgrade your installation of Nmap? The current version is 6.40. Version 5.21 is 4 years old and is missing 361 NSE scripts and thousands of service and OS fingerprints.
– bonsaiviking
Apr 2 '14 at 19:24
Thanks. 5.21 is the version I apt-got by default. I guess I'll go download and build the latest.
– AShelly
Apr 2 '14 at 19:41
Yeah, Ubuntu is woefully behind on Nmap. You could check the dependencies on the .deb from Kali, which is current.
– bonsaiviking
Apr 2 '14 at 19:57
add a comment |
Might I suggest you upgrade your installation of Nmap? The current version is 6.40. Version 5.21 is 4 years old and is missing 361 NSE scripts and thousands of service and OS fingerprints.
– bonsaiviking
Apr 2 '14 at 19:24
Thanks. 5.21 is the version I apt-got by default. I guess I'll go download and build the latest.
– AShelly
Apr 2 '14 at 19:41
Yeah, Ubuntu is woefully behind on Nmap. You could check the dependencies on the .deb from Kali, which is current.
– bonsaiviking
Apr 2 '14 at 19:57
Might I suggest you upgrade your installation of Nmap? The current version is 6.40. Version 5.21 is 4 years old and is missing 361 NSE scripts and thousands of service and OS fingerprints.
– bonsaiviking
Apr 2 '14 at 19:24
Might I suggest you upgrade your installation of Nmap? The current version is 6.40. Version 5.21 is 4 years old and is missing 361 NSE scripts and thousands of service and OS fingerprints.
– bonsaiviking
Apr 2 '14 at 19:24
Thanks. 5.21 is the version I apt-got by default. I guess I'll go download and build the latest.
– AShelly
Apr 2 '14 at 19:41
Thanks. 5.21 is the version I apt-got by default. I guess I'll go download and build the latest.
– AShelly
Apr 2 '14 at 19:41
Yeah, Ubuntu is woefully behind on Nmap. You could check the dependencies on the .deb from Kali, which is current.
– bonsaiviking
Apr 2 '14 at 19:57
Yeah, Ubuntu is woefully behind on Nmap. You could check the dependencies on the .deb from Kali, which is current.
– bonsaiviking
Apr 2 '14 at 19:57
add a comment |
3 Answers
3
active
oldest
votes
Nmap sends many different probes to determine if a host is up. In your specific case, because you are running Nmap without root privileges, it cannot send ICMP Echo requests, which is what the ping utility uses. In this case, it tries to connect to port 80 and port 443, reporting the host as up if the connection is opened or rejected. Your target must have a firewall which is dropping all traffic to those ports.
To allow Nmap to find the system, try running it with root permissions. The sudo command is frequently used for this purpose, e.g. sudo nmap 123.45.67.89
ping can send ICMP packets because it is installed setuid to root, meaning that any user can run it, but it will run as the root user when they do. Setuid programs must be extra super careful about not letting regular users gain a shell through this extra permission. Nmap in particular cannot prevent this privilege escalation, so it should never be made setuid.
answered Apr 2 '14 at 19:19
bonsaivikingbonsaiviking
1,35888
I am on Windows and still getting same error while running it in cmd with admin rights. Ping is always fine.
– shashwat
Oct 28 '15 at 5:21
2
I'm root but have this problem
– vladkras
Feb 21 '17 at 9:05
Without root/sudo, how can ping do an ICMP ECHO but not nmap?
– MikeP
Mar 27 '18 at 16:21
1
@MikeP/bin/pingis setuid-root. No matter who runs it, it runs with root privilege. Setuid programs must be thoroughly tested to ensure they cannot be used to run arbitrary commands. Nmap is not capable of being safely installed setuid-root, so you must use some other mechanism: root's password or sudo.
– bonsaiviking
Mar 27 '18 at 19:47
add a comment |
Yes they are different by default, ping is ICMP, and nmap ping sends a syn package to port 80 if I remember correctly, try using the -PE, -PM, -PP flags to make it do an ICMP ping
add a comment |
without privilege, you can scan the port with netcat :
nc -z -w5 hostname 22; echo $?
answer 1 if failed, otherwise answer :
Connection to hostname 22 port [tcp/ssh] succeeded!
0
answered Nov 28 '16 at 10:01
douardodouardo
111
Its best to quote and cite answers when you refer to them, the order of answers, can change daily. This answer itself has changed the order of the anwers to this question.
– Ramhound
Nov 28 '16 at 13:49
add a comment |
Your Answer
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "3"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f737431%2fwhy-would-ping-succeed-but-nmap-fail%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
3 Answers
3
active
oldest
votes
3 Answers
3
active
oldest
votes
active
oldest
votes
active
oldest
votes
Nmap sends many different probes to determine if a host is up. In your specific case, because you are running Nmap without root privileges, it cannot send ICMP Echo requests, which is what the ping utility uses. In this case, it tries to connect to port 80 and port 443, reporting the host as up if the connection is opened or rejected. Your target must have a firewall which is dropping all traffic to those ports.
To allow Nmap to find the system, try running it with root permissions. The sudo command is frequently used for this purpose, e.g. sudo nmap 123.45.67.89
ping can send ICMP packets because it is installed setuid to root, meaning that any user can run it, but it will run as the root user when they do. Setuid programs must be extra super careful about not letting regular users gain a shell through this extra permission. Nmap in particular cannot prevent this privilege escalation, so it should never be made setuid.
answered Apr 2 '14 at 19:19
bonsaivikingbonsaiviking
1,35888
I am on Windows and still getting same error while running it in cmd with admin rights. Ping is always fine.
– shashwat
Oct 28 '15 at 5:21
2
I'm root but have this problem
– vladkras
Feb 21 '17 at 9:05
Without root/sudo, how can ping do an ICMP ECHO but not nmap?
– MikeP
Mar 27 '18 at 16:21
1
@MikeP/bin/pingis setuid-root. No matter who runs it, it runs with root privilege. Setuid programs must be thoroughly tested to ensure they cannot be used to run arbitrary commands. Nmap is not capable of being safely installed setuid-root, so you must use some other mechanism: root's password or sudo.
– bonsaiviking
Mar 27 '18 at 19:47
add a comment |
Nmap sends many different probes to determine if a host is up. In your specific case, because you are running Nmap without root privileges, it cannot send ICMP Echo requests, which is what the ping utility uses. In this case, it tries to connect to port 80 and port 443, reporting the host as up if the connection is opened or rejected. Your target must have a firewall which is dropping all traffic to those ports.
To allow Nmap to find the system, try running it with root permissions. The sudo command is frequently used for this purpose, e.g. sudo nmap 123.45.67.89
ping can send ICMP packets because it is installed setuid to root, meaning that any user can run it, but it will run as the root user when they do. Setuid programs must be extra super careful about not letting regular users gain a shell through this extra permission. Nmap in particular cannot prevent this privilege escalation, so it should never be made setuid.
answered Apr 2 '14 at 19:19
bonsaivikingbonsaiviking
1,35888
I am on Windows and still getting same error while running it in cmd with admin rights. Ping is always fine.
– shashwat
Oct 28 '15 at 5:21
2
I'm root but have this problem
– vladkras
Feb 21 '17 at 9:05
Without root/sudo, how can ping do an ICMP ECHO but not nmap?
– MikeP
Mar 27 '18 at 16:21
1
@MikeP/bin/pingis setuid-root. No matter who runs it, it runs with root privilege. Setuid programs must be thoroughly tested to ensure they cannot be used to run arbitrary commands. Nmap is not capable of being safely installed setuid-root, so you must use some other mechanism: root's password or sudo.
– bonsaiviking
Mar 27 '18 at 19:47
add a comment |
Nmap sends many different probes to determine if a host is up. In your specific case, because you are running Nmap without root privileges, it cannot send ICMP Echo requests, which is what the ping utility uses. In this case, it tries to connect to port 80 and port 443, reporting the host as up if the connection is opened or rejected. Your target must have a firewall which is dropping all traffic to those ports.
To allow Nmap to find the system, try running it with root permissions. The sudo command is frequently used for this purpose, e.g. sudo nmap 123.45.67.89
ping can send ICMP packets because it is installed setuid to root, meaning that any user can run it, but it will run as the root user when they do. Setuid programs must be extra super careful about not letting regular users gain a shell through this extra permission. Nmap in particular cannot prevent this privilege escalation, so it should never be made setuid.
answered Apr 2 '14 at 19:19
bonsaivikingbonsaiviking
1,35888
Nmap sends many different probes to determine if a host is up. In your specific case, because you are running Nmap without root privileges, it cannot send ICMP Echo requests, which is what the ping utility uses. In this case, it tries to connect to port 80 and port 443, reporting the host as up if the connection is opened or rejected. Your target must have a firewall which is dropping all traffic to those ports.
To allow Nmap to find the system, try running it with root permissions. The sudo command is frequently used for this purpose, e.g. sudo nmap 123.45.67.89
ping can send ICMP packets because it is installed setuid to root, meaning that any user can run it, but it will run as the root user when they do. Setuid programs must be extra super careful about not letting regular users gain a shell through this extra permission. Nmap in particular cannot prevent this privilege escalation, so it should never be made setuid.
answered Apr 2 '14 at 19:19
bonsaivikingbonsaiviking
1,35888
answered Apr 2 '14 at 19:19
bonsaivikingbonsaiviking
1,35888
answered Apr 2 '14 at 19:19
bonsaivikingbonsaiviking
1,35888
answered Apr 2 '14 at 19:19
bonsaivikingbonsaiviking
1,35888
1,35888
I am on Windows and still getting same error while running it in cmd with admin rights. Ping is always fine.
– shashwat
Oct 28 '15 at 5:21
2
I'm root but have this problem
– vladkras
Feb 21 '17 at 9:05
Without root/sudo, how can ping do an ICMP ECHO but not nmap?
– MikeP
Mar 27 '18 at 16:21
1
@MikeP/bin/pingis setuid-root. No matter who runs it, it runs with root privilege. Setuid programs must be thoroughly tested to ensure they cannot be used to run arbitrary commands. Nmap is not capable of being safely installed setuid-root, so you must use some other mechanism: root's password or sudo.
– bonsaiviking
Mar 27 '18 at 19:47
add a comment |
I am on Windows and still getting same error while running it in cmd with admin rights. Ping is always fine.
– shashwat
Oct 28 '15 at 5:21
2
I'm root but have this problem
– vladkras
Feb 21 '17 at 9:05
Without root/sudo, how can ping do an ICMP ECHO but not nmap?
– MikeP
Mar 27 '18 at 16:21
1
@MikeP/bin/pingis setuid-root. No matter who runs it, it runs with root privilege. Setuid programs must be thoroughly tested to ensure they cannot be used to run arbitrary commands. Nmap is not capable of being safely installed setuid-root, so you must use some other mechanism: root's password or sudo.
– bonsaiviking
Mar 27 '18 at 19:47
I am on Windows and still getting same error while running it in cmd with admin rights. Ping is always fine.
– shashwat
Oct 28 '15 at 5:21
I am on Windows and still getting same error while running it in cmd with admin rights. Ping is always fine.
– shashwat
Oct 28 '15 at 5:21
2
2
I'm root but have this problem
– vladkras
Feb 21 '17 at 9:05
I'm root but have this problem
– vladkras
Feb 21 '17 at 9:05
Without root/sudo, how can ping do an ICMP ECHO but not nmap?
– MikeP
Mar 27 '18 at 16:21
Without root/sudo, how can ping do an ICMP ECHO but not nmap?
– MikeP
Mar 27 '18 at 16:21
1
1
@MikeP
/bin/ping is setuid-root. No matter who runs it, it runs with root privilege. Setuid programs must be thoroughly tested to ensure they cannot be used to run arbitrary commands. Nmap is not capable of being safely installed setuid-root, so you must use some other mechanism: root's password or sudo.– bonsaiviking
Mar 27 '18 at 19:47
@MikeP
/bin/ping is setuid-root. No matter who runs it, it runs with root privilege. Setuid programs must be thoroughly tested to ensure they cannot be used to run arbitrary commands. Nmap is not capable of being safely installed setuid-root, so you must use some other mechanism: root's password or sudo.– bonsaiviking
Mar 27 '18 at 19:47
add a comment |
Yes they are different by default, ping is ICMP, and nmap ping sends a syn package to port 80 if I remember correctly, try using the -PE, -PM, -PP flags to make it do an ICMP ping
add a comment |
Yes they are different by default, ping is ICMP, and nmap ping sends a syn package to port 80 if I remember correctly, try using the -PE, -PM, -PP flags to make it do an ICMP ping
add a comment |
Yes they are different by default, ping is ICMP, and nmap ping sends a syn package to port 80 if I remember correctly, try using the -PE, -PM, -PP flags to make it do an ICMP ping
Yes they are different by default, ping is ICMP, and nmap ping sends a syn package to port 80 if I remember correctly, try using the -PE, -PM, -PP flags to make it do an ICMP ping
answered Apr 2 '14 at 19:03
Kotzu
add a comment |
add a comment |
without privilege, you can scan the port with netcat :
nc -z -w5 hostname 22; echo $?
answer 1 if failed, otherwise answer :
Connection to hostname 22 port [tcp/ssh] succeeded!
0
answered Nov 28 '16 at 10:01
douardodouardo
111
Its best to quote and cite answers when you refer to them, the order of answers, can change daily. This answer itself has changed the order of the anwers to this question.
– Ramhound
Nov 28 '16 at 13:49
add a comment |
without privilege, you can scan the port with netcat :
nc -z -w5 hostname 22; echo $?
answer 1 if failed, otherwise answer :
Connection to hostname 22 port [tcp/ssh] succeeded!
0
answered Nov 28 '16 at 10:01
douardodouardo
111
Its best to quote and cite answers when you refer to them, the order of answers, can change daily. This answer itself has changed the order of the anwers to this question.
– Ramhound
Nov 28 '16 at 13:49
add a comment |
without privilege, you can scan the port with netcat :
nc -z -w5 hostname 22; echo $?
answer 1 if failed, otherwise answer :
Connection to hostname 22 port [tcp/ssh] succeeded!
0
answered Nov 28 '16 at 10:01
douardodouardo
111
without privilege, you can scan the port with netcat :
nc -z -w5 hostname 22; echo $?
answer 1 if failed, otherwise answer :
Connection to hostname 22 port [tcp/ssh] succeeded!
0
answered Nov 28 '16 at 10:01
douardodouardo
111
answered Nov 28 '16 at 10:01
douardodouardo
111
answered Nov 28 '16 at 10:01
douardodouardo
111
answered Nov 28 '16 at 10:01
douardodouardo
111
111
Its best to quote and cite answers when you refer to them, the order of answers, can change daily. This answer itself has changed the order of the anwers to this question.
– Ramhound
Nov 28 '16 at 13:49
add a comment |
Its best to quote and cite answers when you refer to them, the order of answers, can change daily. This answer itself has changed the order of the anwers to this question.
– Ramhound
Nov 28 '16 at 13:49
Its best to quote and cite answers when you refer to them, the order of answers, can change daily. This answer itself has changed the order of the anwers to this question.
– Ramhound
Nov 28 '16 at 13:49
Its best to quote and cite answers when you refer to them, the order of answers, can change daily. This answer itself has changed the order of the anwers to this question.
– Ramhound
Nov 28 '16 at 13:49
add a comment |
Thanks for contributing an answer to Super User!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f737431%2fwhy-would-ping-succeed-but-nmap-fail%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Might I suggest you upgrade your installation of Nmap? The current version is 6.40. Version 5.21 is 4 years old and is missing 361 NSE scripts and thousands of service and OS fingerprints.
– bonsaiviking
Apr 2 '14 at 19:24
Thanks. 5.21 is the version I apt-got by default. I guess I'll go download and build the latest.
– AShelly
Apr 2 '14 at 19:41
Yeah, Ubuntu is woefully behind on Nmap. You could check the dependencies on the .deb from Kali, which is current.
– bonsaiviking
Apr 2 '14 at 19:57