Why would ping succeed but nmap fail?

Why does Nmap report "Host seems down" when a simple ping succeeds?

me@computer:~$ ping 123.45.67.89
PING 123.45.67.89 (123.45.67.89) 56(84) bytes of data.
64 bytes from 123.45.67.89: icmp_req=1 ttl=45 time=91.1 ms
64 bytes from 123.45.67.89: icmp_req=2 ttl=45 time=102 ms
64 bytes from 123.45.67.89: icmp_req=3 ttl=45 time=100 ms
^C
--- 123.45.67.894 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2002ms
rtt min/avg/max/mdev = 91.136/98.182/102.417/5.022 ms

me@computer:~$ nmap 123.45.67.89

Starting Nmap 5.21 ( http://nmap.org ) at 2014-04-02 14:23 EDT
Note: Host seems down. If it is really up, but blocking our ping probes, try -PN
Nmap done: 1 IP address (0 hosts up) scanned in 3.04 seconds

Are Nmap's "ping probes" different from the command line ping?

nmap

AShelly

Posted 2014-04-02T18:32:13.937

Reputation: 369

Might I suggest you upgrade your installation of Nmap? The current version is 6.40. Version 5.21 is 4 years old and is missing 361 NSE scripts and thousands of service and OS fingerprints.

– bonsaiviking – 2014-04-02T19:24:38.017

Thanks. 5.21 is the version I apt-got by default. I guess I'll go download and build the latest. – AShelly – 2014-04-02T19:41:17.093

Yeah, Ubuntu is woefully behind on Nmap. You could check the dependencies on the .deb from Kali, which is current.

– bonsaiviking – 2014-04-02T19:57:59.393

Answers

Nmap sends many different probes to determine if a host is up. In your specific case, because you are running Nmap without root privileges, it cannot send ICMP Echo requests, which is what the ping utility uses. In this case, it tries to connect to port 80 and port 443, reporting the host as up if the connection is opened or rejected. Your target must have a firewall which is dropping all traffic to those ports.

To allow Nmap to find the system, try running it with root permissions. The sudo command is frequently used for this purpose, e.g. sudo nmap 123.45.67.89

ping can send ICMP packets because it is installed setuid to root, meaning that any user can run it, but it will run as the root user when they do. Setuid programs must be extra super careful about not letting regular users gain a shell through this extra permission. Nmap in particular cannot prevent this privilege escalation, so it should never be made setuid.

bonsaiviking

Posted 2014-04-02T18:32:13.937

Reputation: 1 563

I am on Windows and still getting same error while running it in cmd with admin rights. Ping is always fine. – shashwat – 2015-10-28T05:21:17.623

2I'm root but have this problem – vladkras – 2017-02-21T09:05:41.430

Without root/sudo, how can ping do an ICMP ECHO but not nmap? – MikeP – 2018-03-27T16:21:45.083

1@MikeP /bin/ping is setuid-root. No matter who runs it, it runs with root privilege. Setuid programs must be thoroughly tested to ensure they cannot be used to run arbitrary commands. Nmap is not capable of being safely installed setuid-root, so you must use some other mechanism: root's password or sudo. – bonsaiviking – 2018-03-27T19:47:44.937

Yes they are different by default, ping is ICMP, and nmap ping sends a syn package to port 80 if I remember correctly, try using the -PE, -PM, -PP flags to make it do an ICMP ping

Kotzu

Posted 2014-04-02T18:32:13.937

Reputation:

without privilege, you can scan the port with netcat :

nc -z -w5 hostname 22; echo $?

answer 1 if failed, otherwise answer :

Connection to hostname 22 port [tcp/ssh] succeeded!

douardo

Posted 2014-04-02T18:32:13.937

Reputation: 111

Its best to quote and cite answers when you refer to them, the order of answers, can change daily. This answer itself has changed the order of the anwers to this question. – Ramhound – 2016-11-28T13:49:56.300

Simple fix for me (Windows 10). I just disabled my wireless adapter, which was not in use since I was using the primary LAN adapter. I'd recommend to disable all but your primary adapter.

NoSpamMan

Posted 2014-04-02T18:32:13.937

Reputation: 1