I'm attempting to do a simple port scan with nmap:
$ nmap 192.168.56.101
Starting Nmap 6.47 ( http://nmap.org ) at 2015-03-10 19:30 IST
Nmap scan report for 192.168.56.101
Host is up (0.0048s latency).
Not shown: 998 closed ports
PORT STATE SERVICE
5555/tcp open freeciv
24800/tcp open unknown
Nmap done: 1 IP address (1 host up) scanned in 0.10 seconds
But when I attempt the same with sudo, it fails claiming the host is down:
$ sudo nmap 192.168.56.101
Starting Nmap 6.47 ( http://nmap.org ) at 2015-03-10 19:30 IST
Note: Host seems down. If it is really up, but blocking our ping probes, try -Pn
Nmap done: 1 IP address (0 hosts up) scanned in 0.48 seconds
NOTE:
I'm on OS X Yosemite.
GNU bash, version 3.2.57(1)-release (x86_64-apple-darwin14)
Thank you.
Best Answer
By default an unprivileged scan uses -sT (TCP Connect) while privileged (root) uses -sS (TCP SYN Stealth).
TCP Connect (-sT) Connect scan uses the system call of the same name to scan machines, rather than relying on raw packets as most of the other methods do. It is usually used by unprivileged Unix users and against IPv6 targets because SYN scan doesn't work in those cases.
TCP SYN Stealth (-sS) This is far and away the most popular scan type because it is the fastest way to scan ports of the most popular protocol (TCP). It is stealthier than connect scan, and it works against all functional TCP stacks (unlike some special-purpose scans such as FIN scan).
1) To figure out what is happening with your machine I would suggest using the extra verbose mode (-vv) or --packet-trace to see what happens.
2) Another approach would be to force an unprivileged scan as privileged user using the following commands and see the result.
3) Finally the reason why nmap stops the scan is because ICMP Type 8 (echo a.k.a ping) doesn't return an ICMP Type 0 (echo reply). This command ignores ping and keeps scanning:
Can you please try those commands and post the output?
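The connect()-based check that the answer describes for -sT, as an added example that is not part of the original answer and is not nmap's code: it classifies a port purely from the result of the connect() system call, with no ping or raw packets involved, and reports whether this process could create the raw socket that a SYN scan needs. All function names are hypothetical, privilege is approximated by raw-socket availability (an assumption), and the only targets are loopback sockets the script creates itself.

```python
import errno
import socket

def connect_state(host, port, timeout=1.0):
    """Classify one TCP port from the outcome of connect(), as a connect scan does."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
        except ConnectionRefusedError:
            return "closed"        # the peer answered with RST
        except socket.timeout:
            return "filtered"      # no answer at all within the timeout
        except OSError as e:
            if e.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
                return "filtered"  # an ICMP unreachable error came back
            raise
        return "open"              # the three-way handshake completed

def raw_sockets_allowed():
    """True if this process may open a raw TCP socket (normally root only)."""
    try:
        s = socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_TCP)
    except OSError:                # includes PermissionError for unprivileged users
        return False
    s.close()
    return True

def default_scan_type():
    """Mirror the default stated in the answer: -sS when privileged, else -sT."""
    return "-sS" if raw_sockets_allowed() else "-sT"

def demo():
    """Scan two constructed loopback ports: one listening, one bound but not listening."""
    listener = socket.socket()
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    bound_only = socket.socket()
    bound_only.bind(("127.0.0.1", 0))   # reserved port, never listen()ed on
    try:
        return {
            "listening": connect_state("127.0.0.1", listener.getsockname()[1]),
            "not_listening": connect_state("127.0.0.1", bound_only.getsockname()[1]),
            "default_scan": default_scan_type(),
        }
    finally:
        listener.close()
        bound_only.close()

if __name__ == "__main__":
    print(demo())
```

Run once as a normal user and once with sudo: the two port states stay the same, and only the reported default scan type changes.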