1

Hi, I asked this question on other forums and searched on Google, but nothing was useful to me. My problem is that it works as a non-privileged user, but whenever I run it as root, I get:

Starting Nmap 7.01 ( https://nmap.org ) at 2016-07-25 16:21 CEST
Note: Host seems down. If it is really up, but blocking our ping probes, try -Pn
Nmap done: 1 IP address (0 hosts up) scanned in 3.26 seconds

I am working on a project that involves exploiting services and so on, on vulnerable systems such as Metasploitable. I would very much like it if someone could help me.

  • Why do you need nmap to run as root? – DKNUCKLES Jul 25 '16 at 14:24
  • it shows more ports, it performs two different searches based on whether it is as a root or not – BetimNeutron Jul 25 '16 at 14:25
  • Ah interesting. Are you attempting to use `sudo` or logged in as root? – DKNUCKLES Jul 25 '16 at 14:26
  • logged in as root – BetimNeutron Jul 25 '16 at 14:28
  • you can try `strace nmap localhost` to see where it breaks. – Aria Jul 25 '16 at 14:50
  • When you say it is not working as a root, does it mean it shows you open ports when run as non-root on the same host as target? – void_in Jul 25 '16 at 15:08
  • @void_in yup, exactly! – BetimNeutron Jul 25 '16 at 15:14
  • what's the exact command you are running? – The Illusive Man Jul 25 '16 at 17:34
  • Oh, maybe try with `-P0` – Aria Jul 25 '16 at 18:20
  • Are you performing this internally or externally? Have you tried, as suggested by nmap, using the `-Pn` option? That way it will scan the host regardless of whether it's alive or not; many firewalls will block ping probes. I had this issue before when running a scan internally, and the `-Pn` option solved it. – winsmak Jul 25 '16 at 15:26
  • Yes, it gives the same result if I use it with `-Pn`, like a non-privileged user gets when calling nmap with `-p0-65535`. I have no idea what those options mean though; I tried finding them on the website, but I couldn't. Do you know what they mean? Are they equivalent to `-Pn`? – BetimNeutron Jul 25 '16 at 15:32
  • `-p 0-65535` is telling nmap to scan all the ports; it's an option to specify the range. `-p0-` doesn't exist. `-Pn` is to treat all hosts as alive; `-p` is to specify a specific port or a list of specific ports, and there are also options such as `--top-ports ` or `--exclude-ports ` to exclude a number of ports. – winsmak Jul 25 '16 at 16:11
  • There are plenty of ways in which you can perform host discovery; all of them come under the `-P` option. For example, `-PU` will perform host discovery using UDP payloads. More detailed information can be seen here: [nmap-man-host-discovery](https://nmap.org/book/man-host-discovery.html). Using `-Pn` is advised when you are sure that the host is up and want to perform the scan directly. – Abhishek Singh Jul 25 '16 at 16:28
  • Instead of button-mashing different options to try to get something to work, use the debug output to see exactly what's going on: `nmap -d `. If you suspect a routing problem, use `nmap --route-dst ` to see what Nmap thinks it should be doing. Also try `nmap --iflist` to see what Nmap thinks you have for network interfaces. But asking for help without `-d` output is pretty much useless. – bonsaiviking Jul 25 '16 at 23:16

1 Answer

1

Nmap uses different scanning methods depending on whether it's running as root or not.

The error you see is normal. Try adding -Pn and you will probably get identical results to the scan you ran as a regular user.

Trey Blalock
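The point behind the answer is that nmap's default host discovery differs by privilege: as root it sends raw ICMP echo, TCP SYN to 443, TCP ACK to 80 and ICMP timestamp probes, while as an unprivileged user it can only open ordinary TCP connections to ports 80 and 443. If the target (or a firewall in front of it) drops the raw probes but answers connects, the root scan reports "Host seems down" and the unprivileged one does not, which is exactly the symptom in the question. The following wrapper is an added example written for this page, not code from the question, the answer or the Nmap project: it parses nmap's summary lines to detect a host-discovery failure and, only then, re-runs the scan with `-Pn` and `-d` so the retry produces the debug output bonsaiviking asks for. The sample outputs are constructed (the first copies the lines quoted in the question; the 192.0.2.10 address is a documentation-range placeholder for a lab host such as Metasploitable), and `subprocess` is used only in the `main` block.

```python
import re
import subprocess
from typing import List, Optional

# Constructed sample: the output quoted in the question (root scan, ping probes unanswered).
SAMPLE_HOST_DOWN = """Starting Nmap 7.01 ( https://nmap.org ) at 2016-07-25 16:21 CEST
Note: Host seems down. If it is really up, but blocking our ping probes, try -Pn
Nmap done: 1 IP address (0 hosts up) scanned in 3.26 seconds
"""

# Constructed sample: what a successful scan of a lab host looks like (placeholder address).
SAMPLE_HOST_UP = """Starting Nmap 7.01 ( https://nmap.org ) at 2016-07-25 16:30 CEST
Nmap scan report for 192.0.2.10
Host is up (0.00021s latency).
PORT   STATE SERVICE
22/tcp open  ssh
Nmap done: 1 IP address (1 host up) scanned in 0.12 seconds
"""

# nmap prints this note when every host-discovery probe went unanswered.
HOST_DOWN_RE = re.compile(r"^Note: Host seems down\.", re.MULTILINE)
# Summary line: "Nmap done: 1 IP address (0 hosts up) scanned in ..."
HOSTS_UP_RE = re.compile(r"Nmap done: \d+ IP address(?:es)? \((\d+) hosts? up\)")


def host_discovery_failed(output: str) -> bool:
    """True when nmap stopped before port scanning because it judged the host down."""
    if HOST_DOWN_RE.search(output):
        return True
    m = HOSTS_UP_RE.search(output)
    return m is not None and int(m.group(1)) == 0


def build_command(target: str, ports: str = "0-65535",
                  skip_discovery: bool = False, debug: bool = False) -> List[str]:
    """Assemble an nmap argv; -Pn skips host discovery, -d adds the debug output."""
    cmd = ["nmap", "-p", ports]
    if skip_discovery:
        cmd.append("-Pn")
    if debug:
        cmd.append("-d")
    cmd.append(target)
    return cmd


def retry_command(output: str, target: str, ports: str = "0-65535") -> Optional[List[str]]:
    """Return the -Pn/-d retry command if the first run failed host discovery, else None."""
    if not host_discovery_failed(output):
        return None
    return build_command(target, ports, skip_discovery=True, debug=True)


def scan_with_fallback(target: str, ports: str = "0-65535") -> str:
    """Run nmap once; if it reports the host down, run it again with -Pn and -d."""
    first = subprocess.run(build_command(target, ports), capture_output=True, text=True)
    retry = retry_command(first.stdout, target, ports)
    if retry is None:
        return first.stdout
    second = subprocess.run(retry, capture_output=True, text=True)
    return second.stdout


if __name__ == "__main__":
    # Dry run against the constructed samples; no nmap process is started here.
    print(retry_command(SAMPLE_HOST_DOWN, "192.0.2.10"))   # the -Pn/-d retry command
    print(retry_command(SAMPLE_HOST_UP, "192.0.2.10"))     # None: no retry needed
```

Because the retry only triggers on nmap's own "Host seems down" note (or a zero-hosts-up summary), the wrapper does not blindly add `-Pn` to every scan; a host that is genuinely offline still gets one `-Pn` pass, which is the expected cost of the fallback and is visible in the `-d` output.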