ping blocking

Hi

I am starting to practice nmap for my own education.

Now I created two hosts in VirtualBox.
Both are Scientific Linux, one is installed as a web server and the other as a developing station.

I tried to run nmap on their IP address, and I got an answer that the IP is down or that something is blocking the ping.

I wonder if it is iptables or something else and how can I cancel it?

Thanks in advance.

If you can get it, the arping utility is useful for telling between obnoxious firewalls and actual network problems. A client can't ignore ARP and still communicate over IP, after all.

[edit] It of course only can send ARP over a local subnet, though.

Some distributions of Linux do block ping. Can your client ping you? If so it's not likely to be blocked since they're the same distro.

If your client is behind NAT you may not be able to directly ping it from the host.

1 Like

Thank you for your help.

Well, I did harp in the host OS of the two guest virtual machines (the two Scientific Linux).

It seems that they are indeed detected.
Because I see their name.

Now since I want to learn nmap and Linux networking, can you guide me on how I can find what blocks the ping in the Scientific Linux machine?

Since it is a VM on my computer I have direct access to it.

What should I do to detect what is blocking the ping?
Is it the iptables or something else?
I am a newbie to this issue so any help will be welcome.

Surprisingly, not necessarily. It may depend on what network arrangement you configured them for.

Repeating the same questions doesn't give us the information we need to help you.

I think I ninjaed in an edit while you were replying, some new questions in there now.

1 Like

The network setting of the VM is bridge so they are not behind NAT.

When I ping the VM from the command line it works, as well as in the other direction (from the VM to the host OS (of the guest VM)).

However nmap cannot find any host behind the IP.
I get the following message:

Starting Nmap 5.21 ( http://nmap.org ) at 2011-06-17 18:58 IDT
Note: Host seems down. If it is really up, but blocking our ping probes, try -PN
Nmap done: 1 IP address (0 hosts up) scanned in 0.04 seconds

---------- Post updated at 07:06 PM ---------- Previous update was at 07:05 PM ----------

Thank you.

What is the information you need for helping me?

I basically run Ubuntu as the OS of my computer.
I have installed VirtualBox and created two VMs.
Both are Scientific Linux; one was installed as a web server and the other was installed as a developing station.

In the VM network settings I gave both of them bridge.

And when I do ifconfig both show a legal internal IP address just like my host OS (Ubuntu).
The host OS and the two guest OSes all have the same first three octets of the IP address.

I can ping from and to the guest OS as well as the host OS.

However nmap claims that there is no host behind the IP of the guest OS or that something is blocking ping.

However this is weird because I am able to ping the guest OS.

Do you need any more information?

What do you think can cause this problem?

You're right, bridge mode should have direct communication.

If you can ping in both directions, ping is not blocked, so your title's a bit misleading. And if you can ping I think your connection's good and likely unfirewalled.

Perhaps you need to force nmap to use a specific network interface? Bridge mode can involve some network trickery that might confuse things which try to operate at a low level. Run ifconfig on the host to see what interface connects where.

It could also be that nmap can't scan your client because it really doesn't have any network services running.

And just to rule out the firewall, you can do /sbin/iptables-save on both hosts to see if it prints anything.

1 Like

The title was because of the nmap message.

It claims that the ping is maybe being blocked.

As you can see in the nmap message that I have posted.

---------- Post updated at 07:15 PM ---------- Previous update was at 07:10 PM ----------

well when I do:

nmap -PN 192.168.1.7

then I get :

Nmap scan report for new-host-2.home (192.168.1.7)
Host is up (0.0012s latency).
Not shown: 999 filtered ports
PORT   STATE SERVICE
22/tcp open  ssh

Nmap done: 1 IP address (1 host up) scanned in 5.25 seconds

So there is at least one service up there, the SSH.

But something is blocking the nmap ping.

What is it and how can I remove it if I want?

You know I do it for my education.
I want to learn how Linux works in networking, that is why I ask you what can block the nmap ping in Linux (and more specifically Scientific Linux) and in what way it is different from the ping that I type on the command line?

---------- Post updated at 07:21 PM ---------- Previous update was at 07:15 PM ----------

I did ifconfig on both.
Which part of the ifconfig output do you want me to look at?
Their IPs both start with 192.168.1,
only the guest OS is 192.168.1.7 and the host is 192.168.1.3.

There is an SSH service on the client.

Well, I did what you suggested on both the host OS (Ubuntu) and the guest OS (Scientific Linux) and it prints nothing.

ping is extremely straightforward. All it does is send one very specific kind of packet to a specific destination and it either goes or it doesn't.

nmap is a whole suite of stuff. There's not an "nmap ping" kind of ping, it's doing a variety of things, and not even the same thing all the time.

Reading through the nmap documentation I find this:

80 and 443 wouldn't have found your ssh port. Perhaps you should run it as root, so it can do more.

Also try --traceroute in case it's picked some crazy destination instead of the correct interface.

In short, if you can ping and nmap can't, nmap's wrong.

1 Like
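Why nmap without root reported the VM as down while ping worked, as an added example that is not part of the original thread: an unprivileged nmap cannot send raw ICMP or ARP, so its host discovery is reduced to TCP connect attempts on ports 80 and 443, and a host that silently drops those gives it nothing to see. `thread_vm_probe` is a constructed model of the VM from the scan output above, and all function names are this example's own.

```python
import socket

DISCOVERY_PORTS = (80, 443)  # the ports the reply above refers to


def connect_probe(host, port, timeout=1.0):
    """Full TCP connect, the only probe available without raw sockets.

    Returns 'open' (handshake completed), 'closed' (a refusal came back)
    or 'no-reply' (packet dropped, timed out, or no route).
    """
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        return "closed"
    except OSError:  # socket.timeout is a subclass of OSError
        return "no-reply"
    finally:
        s.close()


def host_seems_up(host, ports=DISCOVERY_PORTS, probe=connect_probe):
    """Any answer at all, even a refusal, proves the host is alive."""
    return any(probe(host, p) in ("open", "closed") for p in ports)


def thread_vm_probe(host, port, timeout=1.0):
    """Constructed model of the VM: ssh open, every other port filtered."""
    return "open" if port == 22 else "no-reply"


def local_demo():
    """Real sockets on loopback: probe a listener, then the same port closed."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))  # let the OS pick a free port
    srv.listen(1)
    port = srv.getsockname()[1]
    while_listening = connect_probe("127.0.0.1", port)
    srv.close()
    after_close = connect_probe("127.0.0.1", port)
    return while_listening, after_close


if __name__ == "__main__":
    print("80/443 only:", host_seems_up("192.168.1.7", probe=thread_vm_probe))
    print("port 22:    ", host_seems_up("192.168.1.7", (22,), thread_vm_probe))
    print("loopback:   ", local_demo())
```

A closed port still counts as "up" because the refusal itself is an answer; only a filtered port, which stays silent, is indistinguishable from a dead host.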

Corona688, thanks, that was the exact issue.
The root privileges.