I have a simple question that I'm trying to wrap my head around. I know this requires knowledge of my internal network, but at a glance, what do you guys think?
I cannot ping a host in my network (nor can I arping the host), however nmap can detect the host.
Does this mean I have connectivity to the host? Or am I dead in the water?
I have a route to the host in my routes, and iptables is disabled on my server (rhel6).
192.168.6.0 0.0.0.0 255.255.255.128 U 0 0 0 bond2
--- 192.168.6.5 ping statistics ---
6 packets transmitted, 0 received, 100% packet loss, time 5212ms
--- 192.168.6.6 ping statistics ---
2 packets transmitted, 0 received, 100% packet loss, time 1097ms
Nmap scan report for mdc001 (192.168.6.5)
Host is up (0.00017s latency).
MAC Address: 12:34:56:78:90:AB (Hewlett Packard)
Nmap scan report for mdc002 (192.168.6.6)
Host is up (0.00018s latency).
MAC Address: 12:34:56:78:90:AB (Hewlett Packard)
(MACs modified for obscurity.)
What gives? Am I able to communicate with the host or not? Also, there were link-local routes for the interface on that network (bond2), but I removed them just in case.
Diego
You might have a device which is not configured to provide an ICMP echo response (the device replying PONG to your PING, in essence). That doesn't mean that it isn't there, and NMAP can use other indicators to decide whether or not a device is really 'UP'.
One example would be a 'TCP ping'. In this case NMAP would send a SYN or an ACK packet to a TCP port and see if it responds (NMAP will try port 80 first, according to the documentation). If there is a service listening on the device, it will respond to NMAP's request (thus giving away the fact that the device is really there).
Nmap scans for other services than just ICMP to detect if a host is up or not.
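The 'TCP ping' described in the answers above, as an added example that is not part of the original thread. It assumes an ordinary `connect()` is an acceptable stand-in for nmap's raw SYN/ACK probes (so it needs no root); `classify` and `tcp_ping` are hypothetical names, and the unreachable case reflects Linux behaviour.

```python
import errno
import socket


def classify(exc):
    """Map the outcome of connect() to (host_answered, explanation)."""
    if exc is None:
        # Three-way handshake completed: something is listening.
        return True, "SYN/ACK received: port open, host is up"
    if isinstance(exc, ConnectionRefusedError):
        # A RST still proves the remote IP stack saw and answered the SYN.
        return True, "RST received: port closed, but host is up"
    if isinstance(exc, (socket.timeout, TimeoutError)):
        return False, "no reply: host down, or packets filtered/dropped"
    if isinstance(exc, OSError) and exc.errno in (errno.EHOSTUNREACH,
                                                  errno.ENETUNREACH):
        # On Linux this covers a missing route and failed ARP resolution.
        return False, "unreachable: no route, or ARP resolution failed"
    raise exc  # anything else is a local problem, not a probe result


def tcp_ping(host, port=80, timeout=1.0):
    """Probe one TCP port and report whether the host answered at all."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return classify(None)
    except OSError as exc:
        return classify(exc)
    finally:
        sock.close()


if __name__ == "__main__":
    # The two addresses from the question above.
    for target in ("192.168.6.5", "192.168.6.6"):
        print(target, tcp_ping(target))
```

A timeout or unreachable result from only one machine, while other LAN members get an answer, points at that machine's interface, route or layer-2 path rather than at the target.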
I'm not sure why I didn't realize this earlier, but what you said makes complete sense, Leftcase.
The thing is, I thought perhaps the server I was trying to contact may have disabled acknowledging incoming ICMP requests.
Turns out that is not true. I can ping the mdc001 host from several other members inside the LAN. My RHEL6 server is the only one which can't communicate with mdc001.
I know I'm missing something, I just can't think what. This mdc001 host is a metadata controller; I need it in order to mount a StorNext filesystem.