Nmap/VNC Not Giving the Same Results on Linux vs. Windows

[Nick H. Supervisor]

Hi all,

I think this is better suited to the Linux forum since it seems to be the Linux system that is having issues with Nmap...

Basically, if I run the following command in Windows I get this result:

But if I run the same command in Linux, I get the following:

I also note that if I try to use VNC to remotely connect to the Raspberry Pi (.139 now that I've plugged it into the Ethernet) it works with Windows, but not with Linux.

From this, I figure that the issue is something on my Linux install rather than it being an issue with the box I'm trying to connect to.

Do I need to enable something on my Linux install to let it do the necessary?

Please understand that this is pretty new to me. I'm doing it as a home project and trying to learn more. But I figured I may as well ask the experts before I do something stupid.

Many thanks in advance!

EDIT: Just to confirm, sudo doesn't change anything:

[Mindovermaster Global Moderator]

I'm not 100% sure. But Windows VS Linux apps are often different from each other.

Looks like Linux is only seeing .211..

Maybe @BudMan can show some light into this?

[Nick H. Supervisor]

Just a small update: I noticed that the Linux version was 7.94SVN, whereas the Windows version was 7.95. Just to be sure I removed the older version and compiled 7.95 for Linux. Unfortunately running the command again returns the same results - it only notices .211 (the Ring doorbell). Very odd.

VNC is also still unable to connect to the box. I'm guessing there must be a setting on my Linux install that I have to change, since both work fine on Windows.

[Mindovermaster Global Moderator]

  On 05/01/2025 at 15:36, Nick H. said:

Just a small update: I noticed that the Linux version was 7.94SVN, whereas the Windows version was 7.95. Just to be sure I removed the older version and compiled 7.95 for Linux. Unfortunately running the command again returns the same results - it only notices .211 (the Ring doorbell). Very odd.

VNC is also still unable to connect to the box. I'm guessing there must be a setting on my Linux install that I have to change, since both work fine on Windows.

Expand  

Yeah, there might be something in Firewall that is stopping it. Not sure what it could be, though.

[Nick H. Supervisor]

  On 05/01/2025 at 15:42, Mindovermaster said:

Yeah, there might be something in Firewall that is stopping it. Not sure what it could be, though.

Expand  

I thought that so I took a look. My firewall is disabled on my Linux install.

Looking through Nmap's documentation, I notice that they reference 2 other packages: Ncat and Nping. I'm wondering if those packages are automatically installed with the Windows .exe file, but need to be manually installed on Linux?

I'll install them and let you know how I get on...

EDIT: Nope, still only returning .211. Makes sense if I think about it, since if the issue was a missing package for Nmap it wouldn't explain why VNC can't find the box...

[+BudMan MVC]

Is the pi also on this 192.168.1 network, or is it on a different network than where your windows is scanning ?

Quite possible the devices on the 1 network don't want to answer ping from the IP the linux is on?

If I run on linux vs windows - I see the same hosts

root@UC:/home/user# nmap -sn 19.268.2.0/24
Starting Nmap 7.80 ( https://nmap.org ) at 2025-01-06 06:43 CST
Failed to resolve "19.268.2.0".
WARNING: No targets were specified, so 0 hosts scanned.
Nmap done: 0 IP addresses (0 hosts up) scanned in 0.10 seconds
root@UC:/home/user# nmap -sn 192.168.2.0/24
Starting Nmap 7.80 ( https://nmap.org ) at 2025-01-06 06:43 CST
Nmap scan report for uap-ac-pro.home.arpa (192.168.2.2)
Host is up (0.00099s latency).
MAC Address: 80:2A:A8:13:4F:07 (Ubiquiti Networks)
Nmap scan report for uap-ac-lr.home.arpa (192.168.2.3)
Host is up (0.0010s latency).
MAC Address: 04:18:D6:C0:1C:90 (Ubiquiti Networks)
Nmap scan report for uap-ac-lite.home.arpa (192.168.2.4)
Host is up (0.00099s latency).
MAC Address: 04:18:D6:C0:1F:6B (Ubiquiti Networks)
Nmap scan report for 192.168.2.6
Host is up (0.00073s latency).
MAC Address: 74:AC:B9:AE:72:E4 (Ubiquiti Networks)
Nmap scan report for brother.home.arpa (192.168.2.50)
Host is up (0.0014s latency).
MAC Address: 30:05:5C:11:6A:D9 (Brother industries)
Nmap scan report for Kims-iphone.home.arpa (192.168.2.203)
Host is up (0.053s latency).
MAC Address: 60:D0:39:14:BD:3B (Unknown)
Nmap scan report for doh.home.arpa (192.168.2.253)
Host is up (0.00063s latency).
MAC Address: 00:08:A2:0C:E6:20 (ADI Engineering)
Nmap scan report for UC (192.168.2.13)
Host is up.
Nmap done: 256 IP addresses (8 hosts up) scanned in 3.41 seconds
root@UC:/home/user# 

 

$ nmap -sn 192.168.2.0/24
Starting Nmap 7.95 ( https://nmap.org ) at 2025-01-06 06:44 Central Standard Time
Nmap scan report for uap-ac-pro.home.arpa (192.168.2.2)
Host is up (0.0020s latency).
Nmap scan report for uap-ac-lr.home.arpa (192.168.2.3)
Host is up (0.0020s latency).
Nmap scan report for uap-ac-lite.home.arpa (192.168.2.4)
Host is up (0.0020s latency).
Nmap scan report for 192.168.2.6
Host is up (0.0020s latency).
Nmap scan report for UC.home.arpa (192.168.2.13)
Host is up (0.0010s latency).
Nmap scan report for brother.home.arpa (192.168.2.50)
Host is up (0.0050s latency).
Nmap scan report for Kims-iphone.home.arpa (192.168.2.203)
Host is up (0.095s latency).
Nmap scan report for doh.home.arpa (192.168.2.253)
Host is up (0.00s latency).
Nmap done: 256 IP addresses (8 hosts up) scanned in 4.68 seconds

My linux box is on the 192.168.2 network, while my windows is on 192.168.9 network.  Notice how my linux comes back with the mac address, but windows does not.

Your linux shows mac, so assume its on that 1 network, but your windows does not so take it is not on the 192.168.1 network.

See if I run on my windows on the local network 192.168.9.0 it comes back with macs for the IPs on that network.

$ nmap -sn 192.168.9.0/24
Starting Nmap 7.95 ( https://nmap.org ) at 2025-01-06 06:51 Central Standard Time
Nmap scan report for nas.home.arpa (192.168.9.10)
Host is up (0.0019s latency).
MAC Address: 00:11:32:7B:29:7D (Synology Incorporated)
Nmap scan report for nas.2ndIP.home.arp (192.168.9.11)
Host is up (0.0040s latency).
MAC Address: 00:11:32:7B:29:7E (Synology Incorporated)
Nmap scan report for sg300-10.home.arpa (192.168.9.98)
Host is up (0.013s latency).
MAC Address: C0:7B:BC:65:4F:13 (Cisco Systems)
Nmap scan report for sg300-28.home.arpa (192.168.9.99)
Host is up (0.012s latency).
MAC Address: 70:6E:6D:F3:11:93 (Cisco Systems)
Nmap scan report for sg4860.home.arpa (192.168.9.253)
Host is up (0.0016s latency).
MAC Address: 00:08:A2:0C:E6:24 (ADI Engineering)
Nmap scan report for i9-win.home.arpa (192.168.9.100)
Host is up.
Nmap done: 256 IP addresses (6 hosts up) scanned in 1.94 seconds

But if run that scan from linux that is on the .2 network it doesn't for the stuff on the 9 network

root@UC:/home/user# nmap -sn 192.168.9.0/24
Starting Nmap 7.80 ( https://nmap.org ) at 2025-01-06 06:52 CST
Nmap scan report for nas.home.arpa (192.168.9.10)
Host is up (0.00041s latency).
Nmap scan report for nas.2ndIP.home.arp (192.168.9.11)
Host is up (0.0033s latency).
Nmap scan report for sg300-10.home.arpa (192.168.9.98)
Host is up (0.0037s latency).
Nmap scan report for sg300-28.home.arpa (192.168.9.99)
Host is up (0.0037s latency).
Nmap scan report for i9-win.home.arpa (192.168.9.100)
Host is up (0.00052s latency).
Nmap scan report for sg4860.home.arpa (192.168.9.253)
Host is up (0.00030s latency).
Nmap done: 256 IP addresses (6 hosts up) scanned in 3.57 seconds

So its quite possible that devices your scanning from windows have firewalls and just don't want to answer the ping from some IP that is not on their local network.  Or maybe they are using a different gateway and ping doesn't work at all from that IP your scanning from.

 

 

[Nick H. Supervisor]

Ah, I think I found the issue! I'm a bit of a muppet...

The culprit seems to have been NordVPN. For some reason, in Linux the setting for LAN discovery is set to "disabled" by default. After switching it to "enabled" I've been able to remotely connect to the box. NordVPN also has a firewall option that is enabled by default, but after switching that off Nmap runs the scan successfully.

Weird how the default settings for NordVPN seem to be different on Linux compared to Windows. Oh well!

[Mindovermaster Global Moderator]

Weird indeed.. Well, NordVPN runs differently in Linux. In windows, theres an app for it. In Linux, its different. (Havent used NordVPN in a couple years, not sure what they use now)

[+BudMan MVC]

Not a fan of any of those - whats the saying I wouldn't touch that with a 20ft pole.

There is a more colorful version of that - but prob not appropriate to use here

 

[Nick H. Supervisor]

  On 06/01/2025 at 17:57, BudMan said:

Not a fan of any of those - whats the saying I wouldn't touch that with a 20ft pole.

There is a more colorful version of that - but prob not appropriate to use here

Expand  

I know we're going a bit off-topic here, but could you explain a bit further?

I assume by "not being a fan of any of those" you mean commercial VPN options? If so, what is your preference? In-house VPN? I might look into setting something like that up with the Raspberry Pi if it's worthwhile...

[+BudMan MVC]

Oh the Pi's I love them - what is your use case for your vpn? Hiding your https traffic that is already encrypted from your bad isp? Hiding your IP from websites you visiting like neowin? Or just your tin foil hat and someone/something sold you on that vpn will protect your privarcy?

Or are you using it to circumvent some geo ip restriction? Or hiding that your doing p2p from your isp?

Give me the use case of running some vpn on your pi or your pc and we can discuss options.

That nord one - I know for a fact they have somewhat recently started intercepting dns traffic - I have not heard that they stopped doing that.. That breaks dns resolving, etc. Do a query to 1.2.3.4 for dns - does it answer? If so your dns is being intercepted because 1.2.3.4 doesn't answer dns.

[Nick H. Supervisor]

  On 07/01/2025 at 02:31, BudMan said:

what is your use case for your vpn?

Expand  

Mostly getting around geo restrictions, although I guess I have also fallen for the hype of additional privacy from ISP's and "free WiFi" networks.

[+BudMan MVC]

So free wifi - what sort of traffic would you be sending over this free wifi that wouldn't already be encrypted, what traffic these days is not via https? If you concerned with this - then running vpn server on your home connection and routing traffic through that would remove that concern. As to hiding your encrypted traffic from your isp.. Why are you using this isp if you don't trust them to not mitm your encrypted traffic?  But you trust some vpn service because why - they say trust us? And tell you your isp is spying on you? And you throw them a few bucks a month.. How much do you pay your isp?

Your geoip circumvention is really the only one that makes any sense for use of a vpn service that has endpoints all over the planet.. Personally I don't really understand the need of that - are you wanting to watch say the US netflix library, or something like that?  Do you hop around the globe with different endpoints for different geoip restrictions.. If I wanted to say looked like I was coming from the UK vs the US, I would just fire up a vps in that region and route the specific traffic I wanted to look like it was coming from the UK, vs putting some 3rd party client on my boxes.. That now slows down all my other non geoip restrictive traffic, etc.