Nmap/VNC Not Giving the Same Results on Linux vs. Windows


Recommended Posts

Hi all,

I think this is better suited to the Linux forum since it seems to be the Linux system that is having issues with Nmap...

Basically, if I run the following command in Windows I get this result:

tf6VlXb.png

But if I run the same command in Linux, I get the following:

gLHwJan.png

I also note that if I try to use VNC to remotely connect to the Raspberry Pi (.139 now that I've plugged it into the Ethernet) it works with Windows, but not with Linux.

From this, I figure that the issue is something on my Linux install rather than it being an issue with the box I'm trying to connect to.

Do I need to enable something on my Linux install to let it do the necessary?

Please understand that this is pretty new to me. I'm doing it as a home project and trying to learn more. But I figured I may as well ask the experts before I do something stupid. :laugh:

Many thanks in advance!

EDIT: Just to confirm, sudo doesn't change anything:

ZNy52Pr.png

I'm not 100% sure. But Windows VS Linux apps are often different from each other.

Looks like Linux is only seeing .211..

Maybe @BudMan can show some light into this?

Just a small update: I noticed that the Linux version was 7.94SVN, whereas the Windows version was 7.95. Just to be sure I removed the older version and compiled 7.95 for Linux. Unfortunately running the command again returns the same results - it only notices .211 (the Ring doorbell). Very odd.

VNC is also still unable to connect to the box. I'm guessing there must be a setting on my Linux install that I have to change, since both work fine on Windows.

  On 05/01/2025 at 15:36, Nick H. said:

Just a small update: I noticed that the Linux version was 7.94SVN, whereas the Windows version was 7.95. Just to be sure I removed the older version and compiled 7.95 for Linux. Unfortunately running the command again returns the same results - it only notices .211 (the Ring doorbell). Very odd.

VNC is also still unable to connect to the box. I'm guessing there must be a setting on my Linux install that I have to change, since both work fine on Windows.

Expand  

Yeah, there might be something in Firewall that is stopping it. Not sure what it could be, though.

  On 05/01/2025 at 15:42, Mindovermaster said:

Yeah, there might be something in Firewall that is stopping it. Not sure what it could be, though.

Expand  

I thought that so I took a look. My firewall is disabled on my Linux install.

Looking through Nmap's documentation, I notice that they reference 2 other packages: Ncat and Nping. I'm wondering if those packages are automatically installed with the Windows .exe file, but need to be manually installed on Linux?

I'll install them and let you know how I get on...

EDIT: Nope, still only returning .211. Makes sense if I think about it, since if the issue was a missing package for Nmap it wouldn't explain why VNC can't find the box...

Is the pi also on this 192.168.1 network, or is it on a different network than where your windows is scanning ?

Quite possible the devices on the 1 network don't want to answer ping from the IP the linux is on?

If I run on linux vs windows - I see the same hosts

root@UC:/home/user# nmap -sn 19.268.2.0/24
Starting Nmap 7.80 ( https://nmap.org ) at 2025-01-06 06:43 CST
Failed to resolve "19.268.2.0".
WARNING: No targets were specified, so 0 hosts scanned.
Nmap done: 0 IP addresses (0 hosts up) scanned in 0.10 seconds
root@UC:/home/user# nmap -sn 192.168.2.0/24
Starting Nmap 7.80 ( https://nmap.org ) at 2025-01-06 06:43 CST
Nmap scan report for uap-ac-pro.home.arpa (192.168.2.2)
Host is up (0.00099s latency).
MAC Address: 80:2A:A8:13:4F:07 (Ubiquiti Networks)
Nmap scan report for uap-ac-lr.home.arpa (192.168.2.3)
Host is up (0.0010s latency).
MAC Address: 04:18:D6:C0:1C:90 (Ubiquiti Networks)
Nmap scan report for uap-ac-lite.home.arpa (192.168.2.4)
Host is up (0.00099s latency).
MAC Address: 04:18:D6:C0:1F:6B (Ubiquiti Networks)
Nmap scan report for 192.168.2.6
Host is up (0.00073s latency).
MAC Address: 74:AC:B9:AE:72:E4 (Ubiquiti Networks)
Nmap scan report for brother.home.arpa (192.168.2.50)
Host is up (0.0014s latency).
MAC Address: 30:05:5C:11:6A:D9 (Brother industries)
Nmap scan report for Kims-iphone.home.arpa (192.168.2.203)
Host is up (0.053s latency).
MAC Address: 60:D0:39:14:BD:3B (Unknown)
Nmap scan report for doh.home.arpa (192.168.2.253)
Host is up (0.00063s latency).
MAC Address: 00:08:A2:0C:E6:20 (ADI Engineering)
Nmap scan report for UC (192.168.2.13)
Host is up.
Nmap done: 256 IP addresses (8 hosts up) scanned in 3.41 seconds
root@UC:/home/user# 

 

$ nmap -sn 192.168.2.0/24
Starting Nmap 7.95 ( https://nmap.org ) at 2025-01-06 06:44 Central Standard Time
Nmap scan report for uap-ac-pro.home.arpa (192.168.2.2)
Host is up (0.0020s latency).
Nmap scan report for uap-ac-lr.home.arpa (192.168.2.3)
Host is up (0.0020s latency).
Nmap scan report for uap-ac-lite.home.arpa (192.168.2.4)
Host is up (0.0020s latency).
Nmap scan report for 192.168.2.6
Host is up (0.0020s latency).
Nmap scan report for UC.home.arpa (192.168.2.13)
Host is up (0.0010s latency).
Nmap scan report for brother.home.arpa (192.168.2.50)
Host is up (0.0050s latency).
Nmap scan report for Kims-iphone.home.arpa (192.168.2.203)
Host is up (0.095s latency).
Nmap scan report for doh.home.arpa (192.168.2.253)
Host is up (0.00s latency).
Nmap done: 256 IP addresses (8 hosts up) scanned in 4.68 seconds

My linux box is on the 192.168.2 network, while my windows is on 192.168.9 network.  Notice how my linux comes back with the mac address, but windows does not.

Your linux shows mac, so assume its on that 1 network, but your windows does not so take it is not on the 192.168.1 network.

See if I run on my windows on the local network 192.168.9.0 it comes back with macs for the IPs on that network.

$ nmap -sn 192.168.9.0/24
Starting Nmap 7.95 ( https://nmap.org ) at 2025-01-06 06:51 Central Standard Time
Nmap scan report for nas.home.arpa (192.168.9.10)
Host is up (0.0019s latency).
MAC Address: 00:11:32:7B:29:7D (Synology Incorporated)
Nmap scan report for nas.2ndIP.home.arp (192.168.9.11)
Host is up (0.0040s latency).
MAC Address: 00:11:32:7B:29:7E (Synology Incorporated)
Nmap scan report for sg300-10.home.arpa (192.168.9.98)
Host is up (0.013s latency).
MAC Address: C0:7B:BC:65:4F:13 (Cisco Systems)
Nmap scan report for sg300-28.home.arpa (192.168.9.99)
Host is up (0.012s latency).
MAC Address: 70:6E:6D:F3:11:93 (Cisco Systems)
Nmap scan report for sg4860.home.arpa (192.168.9.253)
Host is up (0.0016s latency).
MAC Address: 00:08:A2:0C:E6:24 (ADI Engineering)
Nmap scan report for i9-win.home.arpa (192.168.9.100)
Host is up.
Nmap done: 256 IP addresses (6 hosts up) scanned in 1.94 seconds

But if run that scan from linux that is on the .2 network it doesn't for the stuff on the 9 network

root@UC:/home/user# nmap -sn 192.168.9.0/24
Starting Nmap 7.80 ( https://nmap.org ) at 2025-01-06 06:52 CST
Nmap scan report for nas.home.arpa (192.168.9.10)
Host is up (0.00041s latency).
Nmap scan report for nas.2ndIP.home.arp (192.168.9.11)
Host is up (0.0033s latency).
Nmap scan report for sg300-10.home.arpa (192.168.9.98)
Host is up (0.0037s latency).
Nmap scan report for sg300-28.home.arpa (192.168.9.99)
Host is up (0.0037s latency).
Nmap scan report for i9-win.home.arpa (192.168.9.100)
Host is up (0.00052s latency).
Nmap scan report for sg4860.home.arpa (192.168.9.253)
Host is up (0.00030s latency).
Nmap done: 256 IP addresses (6 hosts up) scanned in 3.57 seconds

So its quite possible that devices your scanning from windows have firewalls and just don't want to answer the ping from some IP that is not on their local network.  Or maybe they are using a different gateway and ping doesn't work at all from that IP your scanning from.

 

 

  • Like 1

Ah, I think I found the issue! I'm a bit of a muppet...

The culprit seems to have been NordVPN. For some reason, in Linux the setting for LAN discovery is set to "disabled" by default. After switching it to "enabled" I've been able to remotely connect to the box. NordVPN also has a firewall option that is enabled by default, but after switching that off Nmap runs the scan successfully.

Weird how the default settings for NordVPN seem to be different on Linux compared to Windows. Oh well!

Weird indeed.. Well, NordVPN runs differently in Linux. In windows, theres an app for it. In Linux, its different. (Havent used NordVPN in a couple years, not sure what they use now)

Not a fan of any of those - whats the saying I wouldn't touch that with a 20ft pole.

There is a more colorful version of that - but prob not appropriate to use here ;)

 

  • Haha 1
  On 06/01/2025 at 17:57, BudMan said:

Not a fan of any of those - whats the saying I wouldn't touch that with a 20ft pole.

There is a more colorful version of that - but prob not appropriate to use here ;)

Expand  

I know we're going a bit off-topic here, but could you explain a bit further?

I assume by "not being a fan of any of those" you mean commercial VPN options? If so, what is your preference? In-house VPN? I might look into setting something like that up with the Raspberry Pi if it's worthwhile...

Oh the Pi's I love them - what is your use case for your vpn? Hiding your https traffic that is already encrypted from your bad isp? Hiding your IP from websites you visiting like neowin? Or just your tin foil hat and someone/something sold you on that vpn will protect your privarcy?

Or are you using it to circumvent some geo ip restriction? Or hiding that your doing p2p from your isp?

Give me the use case of running some vpn on your pi or your pc and we can discuss options.

That nord one - I know for a fact they have somewhat recently started intercepting dns traffic - I have not heard that they stopped doing that.. That breaks dns resolving, etc. Do a query to 1.2.3.4 for dns - does it answer? If so your dns is being intercepted because 1.2.3.4 doesn't answer dns.

  On 07/01/2025 at 02:31, BudMan said:

what is your use case for your vpn?

Expand  

Mostly getting around geo restrictions, although I guess I have also fallen for the hype of additional privacy from ISP's and "free WiFi" networks.

So free wifi - what sort of traffic would you be sending over this free wifi that wouldn't already be encrypted, what traffic these days is not via https? If you concerned with this - then running vpn server on your home connection and routing traffic through that would remove that concern. As to hiding your encrypted traffic from your isp.. Why are you using this isp if you don't trust them to not mitm your encrypted traffic?  But you trust some vpn service because why - they say trust us? And tell you your isp is spying on you? And you throw them a few bucks a month.. How much do you pay your isp?

Your geoip circumvention is really the only one that makes any sense for use of a vpn service that has endpoints all over the planet.. Personally I don't really understand the need of that - are you wanting to watch say the US netflix library, or something like that?  Do you hop around the globe with different endpoints for different geoip restrictions.. If I wanted to say looked like I was coming from the UK vs the US, I would just fire up a vps in that region and route the specific traffic I wanted to look like it was coming from the UK, vs putting some 3rd party client on my boxes.. That now slows down all my other non geoip restrictive traffic, etc.

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Posts

    • Send more sensitive documents to Meta. What could possibly go wrong...
    • I have not heard of that name in a while. I stopped reading his content and listening to him some time ago.
    • Consumer Reports is flat out wrong. Wouldn't be the first time it's a fact that when you have more moving parts, you have more room for failure. Less points of failure when all you replace on an EV is the tires and the wipers.
    • WYSIWYG Web Builder 20.2.2 by Razvan Serea Web Buialder is a WYSIWYG (What-You-See-Is-What-You-Get) program used to create complete web sites. WYSIWYG means that the finished page will display exactly the way it was designed. The program generates HTML (HyperText Markup Language) tags while you point and click on desired functions; you can create a web page without learning HTML. Just drag and drop objects to the page position them "anywhere" you want and when youre finished publish it to your web server (using the build in Publish tool). Web Builder gives you full control over the content and layout of your web pages. One Web Builder project file can hold multiple web pages. Desktop publishing for the web, build web sites as easy as Drag & Drop "One Click Publishing" No FTP program needed. No special hosting required, use with any Hosting Service! Easily create forms using the built-in Form Wizard plus Form validation tools and built-in CAPTCHA. Advanced graphics tools like shapes, textart, rotation, shadows and many other image effects. Fully integrated jQuery UI (Accordion, Tabs etc), animations, effects and built-in ThemeRoller theme editor. Google compatible sitemap generator / PayPal eCommerce Tools Many navigation tools available: Navigation bars, tab menus, dropdown menus, sitetree, slidemenus. Built-in Slide Shows, Photo Galleries, Rollover images, Banners etc. Support for YouTube, Flash Video, Windows Media Player and many other video formats. Unique extension (add-on) system with already more than 250 extensions available! Create HTML5 / CSS3 websites today HTML5 document type (optimized HTML5 output). HTML5 audio/video and YouTube HTML5 support. HTML5 forms: native form validation, new input types and options, web storage. HTML5 canvas and svg support in shapes and other drawing tools. CSS3 @font-face. Use non web safe fonts in all modern browsers. CSS3 opacity, border radius, box shadow. CSS3 gradients. Add cool gradient effects using native CSS3 (no images). CSS3 navigation menu. Create awesome menus without using JavaScript or images. CSS3 animations and transitions. Including support for 2D and 3D transforms! Features for advanced users: Login Tools/Page Password Protection. Built-in Content Management System with many plug-ins (guestbook, faq, downloads, photo album etc). Add custom HTML code with the HTML tools. JavaScript Events: Show/hide objects (with animation), timers, move objects, change styles etc. Layers: Sticky layer, Docking layer, Floating layer, Modal layer, Anchored layer, Strechable layer and more! jQuery Theme Manager, create your own themes for the built-in jQuery UI widgets. Style Manager (global styling, H1, H2, H3 etc). Master Frames and Master Objects: reuse common element in your website. and much more! WYSIWYG Web Builder 20.2.2 changelog: Improved: Minor change in HTML formatting of the Overlay Menu. Fixed: Issue with aspect ratio of HTML Video. Download: WYSIWYG Web Builder 64-bit | 30.1 MB (Shareware) Download: WYSIWYG Web Builder 32-bit | 28.0 MB Screenshot: >> Click here << Link: Home Page | Templates | Free extras/addons | Changelog Get alerted to all of our Software updates on Twitter at @NeowinSoftware
  • Recent Achievements

    • Collaborator
      Mighty Pen went up a rank
      Collaborator
    • Week One Done
      emptyother earned a badge
      Week One Done
    • Week One Done
      DarkWun earned a badge
      Week One Done
    • Very Popular
      valkyr09 earned a badge
      Very Popular
    • Week One Done
      suprememobiles earned a badge
      Week One Done
  • Popular Contributors

    1. 1
      +primortal
      568
    2. 2
      +FloatingFatMan
      189
    3. 3
      ATLien_0
      179
    4. 4
      Skyfrog
      112
    5. 5
      Xenon
      110
  • Tell a friend

    Love Neowin? Tell a friend!