14

I'm running Metasploit from Win 7 x64, and I've set up my Metasploitable 2 virtual machine on VMware Player. I can ping Metasploitable's IP address from the Metasploit console, however if I use nmap it says:

Note: Host seems down. If it is really up, but blocking our ping probes, try -Pn

I try it with the -Pn switch, it says

Nmap done: 1 IP address (0 hosts up) scanned in 0.64 seconds

I've disabled my Windows firewall and I'm running Metasploit as admin. Why can't I nmap my virtual machine?

Pickle
  • Can you add the output (sanitized if you like) of `nmap --iflist` and `nmap --route-dst $TARGET` where `$TARGET` is the IP of the Metasploitable VM? – bonsaiviking Aug 27 '12 at 02:25
  • I don't know what the problem was, but it's definitely an issue with Windows. I installed Metasploit on a Backtrack VM and it works fine. – Pickle Aug 28 '12 at 00:51
  • see also http://superuser.com/q/737431/4227 – AShelly Sep 29 '14 at 21:34

4 Answers

14

Using sudo often fixes it: `sudo nmap [options]`

Nmap needs root to construct raw packets (it doesn't rely on the system's ping binary for pinging, but it also does a lot of other custom packet crafting). When Nmap is allowed this raw capability, a ping scan works as expected.

Protip: `sudo !!` repeats the last command as root (the `!!` stands for "last command").

Luc
  • 1
    Being `sudo` also works on my system, however, it's problematic because I execute `nmap` through a PHP script which by default does not have elevated rights :-( – Eugene van der Merwe Nov 17 '13 at 09:34
  • It's odd to me because without using sudo nmap can discover other systems (well ... my router, and my current laptop computer) but not my Windows 10 SBC (LattePanda). – user391339 Feb 09 '18 at 23:00
  • Unfortunately that did not work.... sudo nmap can't see what ping can (Sierra MacBook pinging a Win10 LattePanda connected to the same wifi router) – user391339 Feb 09 '18 at 23:02
3

If you are using an older (version 6.00 or 6.01) version of Nmap, this may be related to a known bug. Try running with `--unprivileged`, which will break some features of Nmap, but ought to work for port scanning. Alternatively, use the output of `nmap --iflist` to identify the interface name (e.g. `eth1`) that should be used for the scan, and pass it to Nmap with the `-e` flag, like so: `nmap -e eth1 --other --args targets`

Of course the best solution is to upgrade to an unaffected version of Nmap with the latest improvements.

bonsaiviking
  • Your solution works on Windows with nmap 7.70, which is much later than the buggy versions you listed. It might be a good idea to test `-e` no matter which version you are using. – Pianosaurus Apr 03 '19 at 22:33
2

I had the exact same problem in my Windows 7 Enterprise x86.

When I added the `-e` option as bonsaiviking explained, it works well, though too slow. Additionally, I found it happens when your PC has multiple network adapters such as VM network (VMware Network Adapter VMnet8).

After disabling the vm8 adapter it works well without the `-e` option.
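
The interface choice described in the two answers above (reading `nmap --iflist` and passing the right device to `-e` when several adapters are present) can be checked mechanically. The following is an added example, not part of the original answers: the sample `--iflist` output, its addresses and the function names are constructed for illustration, and the parser assumes the usual `DEV (SHORT) IP/MASK TYPE UP ...` column layout of the INTERFACES table.

```python
import ipaddress

# Constructed sample of `nmap --iflist` output for a host that has VMware
# virtual adapters next to the physical NIC (all values are made up).
SAMPLE_IFLIST = """\
************************INTERFACES************************
DEV  (SHORT) IP/MASK                      TYPE     UP   MTU  MAC
eth0 (eth0)  192.168.1.20/24              ethernet up   1500 00:11:22:33:44:55
eth0 (eth0)  fe80::1234:5678:9abc:def0/64 ethernet up   1500 00:11:22:33:44:55
eth1 (eth1)  192.168.56.1/24              ethernet up   1500 00:50:56:C0:00:01
eth2 (eth2)  192.168.174.1/24             ethernet up   1500 00:50:56:C0:00:08
eth3 (eth3)  10.0.0.5/8                   ethernet down 1500 00:11:22:33:44:66
lo0  (lo0)   127.0.0.1/8                  loopback up   -1
**************************ROUTES**************************
DST/MASK         DEV  METRIC GATEWAY
0.0.0.0/0        eth0 25     192.168.1.1
"""

def parse_interfaces(iflist_text):
    """Return (dev, ip_interface, is_up) for each row of the INTERFACES table."""
    rows, in_table = [], False
    for line in iflist_text.splitlines():
        if "INTERFACES" in line:
            in_table = True
            continue
        if "ROUTES" in line:
            break  # the routing table uses different columns
        fields = line.split()
        if not in_table or len(fields) < 5 or fields[0] == "DEV":
            continue
        try:
            addr = ipaddress.ip_interface(fields[2])
        except ValueError:
            continue  # adapters without a usable address, e.g. "(none)/0"
        rows.append((fields[0], addr, fields[4] == "up"))
    return rows

def interface_for_target(iflist_text, target):
    """Pick the up interface whose subnet contains target (longest prefix wins)."""
    ip = ipaddress.ip_address(target)
    matches = [(addr.network.prefixlen, dev)
               for dev, addr, up in parse_interfaces(iflist_text)
               if up and addr.version == ip.version and ip in addr.network]
    return max(matches)[1] if matches else None

if __name__ == "__main__":
    dev = interface_for_target(SAMPLE_IFLIST, "192.168.174.128")
    print(f"nmap -e {dev} 192.168.174.128" if dev else "target is not on a local subnet")
```

A result of `None` means the target is not on any directly attached subnet that is up, so the route table (`nmap --route-dst`) is the next thing to inspect.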

0

I had this issue with nmap 7.92 on Windows 11, and installing Npcap resolved the issue for me.