why does nmap seems to have problems to see my android devices, sometimes it would see them but sometimes not
As @cremefraiche notes in the comments, Nmap's host discovery phase (sometimes called "ping scan") is not the same thing as ICMP Echo Request (as used by the ping
utility). In some cases (with root permissions against a target in a different subnet) the ICMP echo request is used, but it would never be used against targets on the same AP as the scanner, unless you explicitly use the --disable-arp-ping
option.
For reasons I'll get to later, I would guess that you are not running this scan with root (sudo
) privileges. In this case, Nmap's host discovery is implemented by trying to connect to TCP ports 80 and 443; if either of these is rejected or accepted, the host is considered to be "up." If the connections time out (which can happen with a firewalled system), then the host is marked "down."
If you were running with root privilege, Nmap would send an ARP request to determine the MAC address of the IP you are targeting. Answering this kind of request is a requirement to being connected on an Ethernet or wireless LAN, so it is pretty much guaranteed to work. If you are using sudo
and still not getting a response, then you should probably file a bug report with the Nmap project ([email protected]).
Related videos on Youtube
sebas
Updated on September 18, 2022Comments
-
sebas over 1 year
I have noticed that running
nmap 192.168.0.*
would list all the devices connected to my wireless AP except for my Android phones, however if I doPing
any of them they are conected im just wondering what is the reason for that to happen.-
cremefraiche over 9 yearsThis is not an Ubuntu related question, however the very short answer is because the nmap scan and ping are using different protocols. Study the nmap documents to understand how it works.
-
RolfBly about 7 years@moderators, While there's no denying that this is off-topic in terms Ubuntu-related, this page is up top when you google "android slow respond to nmap or ping", so it is quite helpful to the masses (not just to me). Perhaps move it to a place (Serverfault?) where it may prosper, and redirect from here?
-
-
bonsaiviking over 9 years
-Pn
means "skip host discovery" and will result in a full port scan against every address requested, even if nobody is listening. This can slow your scan down considerably. -
Lephy over 9 yearsOh, thanks for the explaining, I did not know this =D