When my network settings is set to NAT and interface is eth0, this is the output of a simple nmap scan
root@pc:~# nmap 192.168.0.0/24 Starting Nmap 7.60 ( https://nmap.org ) at 2018-03-04 18:47 EST Nmap scan report for 192.168.0.1 Host is up (0.00033s latency). Not shown: 995 filtered ports PORT STATE SERVICE 135/tcp open msrpc 139/tcp open netbios-ssn 445/tcp open microsoft-ds 1688/tcp open nsjtp-data 2869/tcp open icslap MAC Address: 00:50:56:C0:00:08 (VMware) Nmap scan report for 192.168.0.2 Host is up (0.000058s latency). Not shown: 999 closed ports PORT STATE SERVICE 53/tcp open domain MAC Address: 00:50:56:FD:A1:12 (VMware) Nmap scan report for 192.168.0.254 Host is up (0.000040s latency). All 1000 scanned ports on 192.168.0.254 are filtered MAC Address: 00:50:56:F9:42:C8 (VMware) Nmap scan report for 192.168.0.3 Host is up (0.0000020s latency). Not shown: 999 closed ports PORT STATE SERVICE 80/tcp open http Nmap done: 256 IP addresses (4 hosts up) scanned in 8.39 seconds
Only vmware machines are detected and the router in this scan, 192.168.0.1 is actually my windows pc running kali, acting as a router. This is also the case for bridged, host-only, whichever mode that shares adapter with vm host.
When I switched to a dedicated wifi adapter, wlan0 and connect to the network by wifi instead of wired, nmap scan output is:
root@Batman:~# nmap 192.168.0.0/24 Starting Nmap 7.60 ( https://nmap.org ) at 2018-03-04 18:52 EST Nmap scan report for 192.168.0.1 Host is up (0.0065s latency). Not shown: 998 closed ports PORT STATE SERVICE 80/tcp open http 52869/tcp open unknown MAC Address: 54:B8:0A:12:65:E4 (D-Link International) Nmap scan report for 192.168.0.3 Host is up (0.011s latency). Not shown: 999 closed ports PORT STATE SERVICE 62078/tcp open iphone-sync MAC Address: 00:26:BB:BC:A4:D3 (Apple) Nmap scan report for 192.168.0.5 Host is up (0.0068s latency). Not shown: 999 closed ports PORT STATE SERVICE 5060/tcp filtered sip MAC Address: F8:23:B2:65:7A:01 (Huawei Technologies) Nmap scan report for 192.168.0.6 Host is up (0.0040s latency). Not shown: 995 filtered ports PORT STATE SERVICE 135/tcp open msrpc 139/tcp open netbios-ssn 445/tcp open microsoft-ds 1688/tcp open nsjtp-data 2869/tcp open icslap MAC Address: C0:18:85:0D:BE:93 (Hon Hai Precision Ind.) Nmap scan report for 192.168.0.8 Host is up (0.0058s latency). Not shown: 994 filtered ports PORT STATE SERVICE 135/tcp open msrpc 139/tcp open netbios-ssn 445/tcp open microsoft-ds 554/tcp open rtsp 2869/tcp open icslap 10243/tcp open unknown MAC Address: 00:26:C6:BF:01:34 (Intel Corporate) Nmap scan report for 192.168.0.9 Host is up (0.0000020s latency). Not shown: 999 closed ports PORT STATE SERVICE 80/tcp open http Nmap done: 256 IP addresses (6 hosts up) scanned in 60.02 seconds
With wifi, nmap can detect all the actual physical hosts (smartphones, tablets, other pcs...) in my network and the router is D-Link.
How could I configure the settings in order to make nmap able scan physical hosts in NAT?