Nmap/VNC Not Giving the Same Results on Linux vs. Windows


Recommended Posts

Hi all,

I think this is better suited to the Linux forum since it seems to be the Linux system that is having issues with Nmap...

Basically, if I run the following command in Windows I get this result:

tf6VlXb.png

But if I run the same command in Linux, I get the following:

gLHwJan.png

I also note that if I try to use VNC to remotely connect to the Raspberry Pi (.139 now that I've plugged it into the Ethernet) it works with Windows, but not with Linux.

From this, I figure that the issue is something on my Linux install rather than it being an issue with the box I'm trying to connect to.

Do I need to enable something on my Linux install to let it do the necessary?

Please understand that this is pretty new to me. I'm doing it as a home project and trying to learn more. But I figured I may as well ask the experts before I do something stupid. :laugh:

Many thanks in advance!

EDIT: Just to confirm, sudo doesn't change anything:

ZNy52Pr.png

I'm not 100% sure. But Windows VS Linux apps are often different from each other.

Looks like Linux is only seeing .211..

Maybe @BudMan can show some light into this?

Just a small update: I noticed that the Linux version was 7.94SVN, whereas the Windows version was 7.95. Just to be sure I removed the older version and compiled 7.95 for Linux. Unfortunately running the command again returns the same results - it only notices .211 (the Ring doorbell). Very odd.

VNC is also still unable to connect to the box. I'm guessing there must be a setting on my Linux install that I have to change, since both work fine on Windows.

  On 05/01/2025 at 15:36, Nick H. said:

Just a small update: I noticed that the Linux version was 7.94SVN, whereas the Windows version was 7.95. Just to be sure I removed the older version and compiled 7.95 for Linux. Unfortunately running the command again returns the same results - it only notices .211 (the Ring doorbell). Very odd.

VNC is also still unable to connect to the box. I'm guessing there must be a setting on my Linux install that I have to change, since both work fine on Windows.

Expand  

Yeah, there might be something in Firewall that is stopping it. Not sure what it could be, though.

  On 05/01/2025 at 15:42, Mindovermaster said:

Yeah, there might be something in Firewall that is stopping it. Not sure what it could be, though.

Expand  

I thought that so I took a look. My firewall is disabled on my Linux install.

Looking through Nmap's documentation, I notice that they reference 2 other packages: Ncat and Nping. I'm wondering if those packages are automatically installed with the Windows .exe file, but need to be manually installed on Linux?

I'll install them and let you know how I get on...

EDIT: Nope, still only returning .211. Makes sense if I think about it, since if the issue was a missing package for Nmap it wouldn't explain why VNC can't find the box...

Is the pi also on this 192.168.1 network, or is it on a different network than where your windows is scanning ?

Quite possible the devices on the 1 network don't want to answer ping from the IP the linux is on?

If I run on linux vs windows - I see the same hosts

root@UC:/home/user# nmap -sn 19.268.2.0/24
Starting Nmap 7.80 ( https://nmap.org ) at 2025-01-06 06:43 CST
Failed to resolve "19.268.2.0".
WARNING: No targets were specified, so 0 hosts scanned.
Nmap done: 0 IP addresses (0 hosts up) scanned in 0.10 seconds
root@UC:/home/user# nmap -sn 192.168.2.0/24
Starting Nmap 7.80 ( https://nmap.org ) at 2025-01-06 06:43 CST
Nmap scan report for uap-ac-pro.home.arpa (192.168.2.2)
Host is up (0.00099s latency).
MAC Address: 80:2A:A8:13:4F:07 (Ubiquiti Networks)
Nmap scan report for uap-ac-lr.home.arpa (192.168.2.3)
Host is up (0.0010s latency).
MAC Address: 04:18:D6:C0:1C:90 (Ubiquiti Networks)
Nmap scan report for uap-ac-lite.home.arpa (192.168.2.4)
Host is up (0.00099s latency).
MAC Address: 04:18:D6:C0:1F:6B (Ubiquiti Networks)
Nmap scan report for 192.168.2.6
Host is up (0.00073s latency).
MAC Address: 74:AC:B9:AE:72:E4 (Ubiquiti Networks)
Nmap scan report for brother.home.arpa (192.168.2.50)
Host is up (0.0014s latency).
MAC Address: 30:05:5C:11:6A:D9 (Brother industries)
Nmap scan report for Kims-iphone.home.arpa (192.168.2.203)
Host is up (0.053s latency).
MAC Address: 60:D0:39:14:BD:3B (Unknown)
Nmap scan report for doh.home.arpa (192.168.2.253)
Host is up (0.00063s latency).
MAC Address: 00:08:A2:0C:E6:20 (ADI Engineering)
Nmap scan report for UC (192.168.2.13)
Host is up.
Nmap done: 256 IP addresses (8 hosts up) scanned in 3.41 seconds
root@UC:/home/user# 

 

$ nmap -sn 192.168.2.0/24
Starting Nmap 7.95 ( https://nmap.org ) at 2025-01-06 06:44 Central Standard Time
Nmap scan report for uap-ac-pro.home.arpa (192.168.2.2)
Host is up (0.0020s latency).
Nmap scan report for uap-ac-lr.home.arpa (192.168.2.3)
Host is up (0.0020s latency).
Nmap scan report for uap-ac-lite.home.arpa (192.168.2.4)
Host is up (0.0020s latency).
Nmap scan report for 192.168.2.6
Host is up (0.0020s latency).
Nmap scan report for UC.home.arpa (192.168.2.13)
Host is up (0.0010s latency).
Nmap scan report for brother.home.arpa (192.168.2.50)
Host is up (0.0050s latency).
Nmap scan report for Kims-iphone.home.arpa (192.168.2.203)
Host is up (0.095s latency).
Nmap scan report for doh.home.arpa (192.168.2.253)
Host is up (0.00s latency).
Nmap done: 256 IP addresses (8 hosts up) scanned in 4.68 seconds

My linux box is on the 192.168.2 network, while my windows is on 192.168.9 network.  Notice how my linux comes back with the mac address, but windows does not.

Your linux shows mac, so assume its on that 1 network, but your windows does not so take it is not on the 192.168.1 network.

See if I run on my windows on the local network 192.168.9.0 it comes back with macs for the IPs on that network.

$ nmap -sn 192.168.9.0/24
Starting Nmap 7.95 ( https://nmap.org ) at 2025-01-06 06:51 Central Standard Time
Nmap scan report for nas.home.arpa (192.168.9.10)
Host is up (0.0019s latency).
MAC Address: 00:11:32:7B:29:7D (Synology Incorporated)
Nmap scan report for nas.2ndIP.home.arp (192.168.9.11)
Host is up (0.0040s latency).
MAC Address: 00:11:32:7B:29:7E (Synology Incorporated)
Nmap scan report for sg300-10.home.arpa (192.168.9.98)
Host is up (0.013s latency).
MAC Address: C0:7B:BC:65:4F:13 (Cisco Systems)
Nmap scan report for sg300-28.home.arpa (192.168.9.99)
Host is up (0.012s latency).
MAC Address: 70:6E:6D:F3:11:93 (Cisco Systems)
Nmap scan report for sg4860.home.arpa (192.168.9.253)
Host is up (0.0016s latency).
MAC Address: 00:08:A2:0C:E6:24 (ADI Engineering)
Nmap scan report for i9-win.home.arpa (192.168.9.100)
Host is up.
Nmap done: 256 IP addresses (6 hosts up) scanned in 1.94 seconds

But if run that scan from linux that is on the .2 network it doesn't for the stuff on the 9 network

root@UC:/home/user# nmap -sn 192.168.9.0/24
Starting Nmap 7.80 ( https://nmap.org ) at 2025-01-06 06:52 CST
Nmap scan report for nas.home.arpa (192.168.9.10)
Host is up (0.00041s latency).
Nmap scan report for nas.2ndIP.home.arp (192.168.9.11)
Host is up (0.0033s latency).
Nmap scan report for sg300-10.home.arpa (192.168.9.98)
Host is up (0.0037s latency).
Nmap scan report for sg300-28.home.arpa (192.168.9.99)
Host is up (0.0037s latency).
Nmap scan report for i9-win.home.arpa (192.168.9.100)
Host is up (0.00052s latency).
Nmap scan report for sg4860.home.arpa (192.168.9.253)
Host is up (0.00030s latency).
Nmap done: 256 IP addresses (6 hosts up) scanned in 3.57 seconds

So its quite possible that devices your scanning from windows have firewalls and just don't want to answer the ping from some IP that is not on their local network.  Or maybe they are using a different gateway and ping doesn't work at all from that IP your scanning from.

 

 

  • Like 1

Ah, I think I found the issue! I'm a bit of a muppet...

The culprit seems to have been NordVPN. For some reason, in Linux the setting for LAN discovery is set to "disabled" by default. After switching it to "enabled" I've been able to remotely connect to the box. NordVPN also has a firewall option that is enabled by default, but after switching that off Nmap runs the scan successfully.

Weird how the default settings for NordVPN seem to be different on Linux compared to Windows. Oh well!

Weird indeed.. Well, NordVPN runs differently in Linux. In windows, theres an app for it. In Linux, its different. (Havent used NordVPN in a couple years, not sure what they use now)

Not a fan of any of those - whats the saying I wouldn't touch that with a 20ft pole.

There is a more colorful version of that - but prob not appropriate to use here ;)

 

  • Haha 1
  On 06/01/2025 at 17:57, BudMan said:

Not a fan of any of those - whats the saying I wouldn't touch that with a 20ft pole.

There is a more colorful version of that - but prob not appropriate to use here ;)

Expand  

I know we're going a bit off-topic here, but could you explain a bit further?

I assume by "not being a fan of any of those" you mean commercial VPN options? If so, what is your preference? In-house VPN? I might look into setting something like that up with the Raspberry Pi if it's worthwhile...

Oh the Pi's I love them - what is your use case for your vpn? Hiding your https traffic that is already encrypted from your bad isp? Hiding your IP from websites you visiting like neowin? Or just your tin foil hat and someone/something sold you on that vpn will protect your privarcy?

Or are you using it to circumvent some geo ip restriction? Or hiding that your doing p2p from your isp?

Give me the use case of running some vpn on your pi or your pc and we can discuss options.

That nord one - I know for a fact they have somewhat recently started intercepting dns traffic - I have not heard that they stopped doing that.. That breaks dns resolving, etc. Do a query to 1.2.3.4 for dns - does it answer? If so your dns is being intercepted because 1.2.3.4 doesn't answer dns.

  On 07/01/2025 at 02:31, BudMan said:

what is your use case for your vpn?

Expand  

Mostly getting around geo restrictions, although I guess I have also fallen for the hype of additional privacy from ISP's and "free WiFi" networks.

So free wifi - what sort of traffic would you be sending over this free wifi that wouldn't already be encrypted, what traffic these days is not via https? If you concerned with this - then running vpn server on your home connection and routing traffic through that would remove that concern. As to hiding your encrypted traffic from your isp.. Why are you using this isp if you don't trust them to not mitm your encrypted traffic?  But you trust some vpn service because why - they say trust us? And tell you your isp is spying on you? And you throw them a few bucks a month.. How much do you pay your isp?

Your geoip circumvention is really the only one that makes any sense for use of a vpn service that has endpoints all over the planet.. Personally I don't really understand the need of that - are you wanting to watch say the US netflix library, or something like that?  Do you hop around the globe with different endpoints for different geoip restrictions.. If I wanted to say looked like I was coming from the UK vs the US, I would just fire up a vps in that region and route the specific traffic I wanted to look like it was coming from the UK, vs putting some 3rd party client on my boxes.. That now slows down all my other non geoip restrictive traffic, etc.

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Posts

    • The viewing figures in season 2 plummeted after 1 of the main characters died in season 2 episode 1. I think hbo is regretting listening to him so they got rid of him.
    • Google Workspace now lets you use custom AI Gems directly in Docs, Gmail, and more by Paul Hill Google Workspace users can now access Gems from the side panel of Google Docs, Slides, Sheets, Drive, and Gmail. Previously, Gems could only be accessed from the Gemini app directly. For anyone not familiar with Gems, they’re a more advanced feature in Gemini where you can make your own chatbots, powered by Gemini, with custom instructions. If you’re interested in learning more about them, check out my editorial from April, where I argue custom AI bots are the best thing about generative AI and how to create your own bots. The decision to make Gems available across Google Workspace has the potential to significantly speed up people’s workflows if they’ve started using Gems already. If you’ve never made a Gem, Google has several pre-made ones including a Brainstormer, Writing editor, Coding partner, and Learning guide. Google Workspace users can leverage Gems in an almost infinite number of ways. For example, imagine if you’re a teacher in whatever country and you have to make lesson plans for your class that must follow a certain structure, you can use natural language to program a gem to expect certain inputs from you (such as grade, subject, topic etc) and get an output that follows the required guidelines. If you’re a journalist, you could create a gem to quickly strip out the key bits of news from a press release or if you’re a student you can create a bot to break down complicated subjects into something easier to understand. The possibilities are nearly endless and now the Gems you make are even more accessible. Google mentioned that Gems can be accessed via the side panel of all supported Workspace applications and can be used across Workspace capabilities including @ mentioning, accessing files and folders, and more. If you need to create a Gem, you’ll still need to do that on the Gemini website. To get started with Gemini in Google Workspace, just click the “Ask Gemini” (spark button) in the top-right corner. Google said that the Gems feature rollout is an extended rollout which means it might take more than 15 days to get the feature. Admins out there do not need to do anything and there are no specific admin controls in the side panel for Gems or Gemini.
    • Microsoft changes hit Teams Android devices: Disable Entra ID policy to restore sign-in by Paul Hill As part of its Secure Future Initiative, Microsoft has deployed a new Entra ID Conditional Access policy targeting Device Code Flow authentication. Unfortunately, it has led some Microsoft Teams-certified Android devices (Teams Rooms on Android, Teams Phones, Teams Panels, and Teams Displays) to be logged out and signing back in can be a bit fiddly so guidance has been shared. Microsoft said that it shared previous guidance which explained how to exclude Android devices, but it seems some admins didn’t catch this as many devices were not excluded and have been signed out. It’s important to realize that this is not a bug, it’s a security feature. However, the move could have been better communicated. To sign the devices back in, you can do so manually. However, if the devices are remote you’ll need to follow these steps: By disabling the “Block device code flow” policy in step 1, it will change everything back to how it was before Microsoft decided to enable it to boost security. This will allow you to get those affected Android devices logged back in again. Also pay special attention to step 2 which says you might need to reboot your device three times. Once you have your Android devices logged in again, it’s probably a good idea to follow Microsoft’s previous guidance and add these to an exclusion list before re-enabling the “Block device code flow” policy. Microsoft recommends only allowing DCF where it’s absolutely necessary and then blocking it elsewhere. The best thing to do is to add your Teams Android device to the exclusion list - this will allow these devices to operate normally, while boosting overall security. If you’re an admin and have been impacted by this, be sure to take proactive measures to avoid disruptions in the future.
    • Can someone help me with writing a batchfile using notepad to tell me to start a vpn plz? I would greatly appreciate any help  
  • Recent Achievements

    • Reacting Well
      SteveJaye earned a badge
      Reacting Well
    • One Month Later
      MadMung0 earned a badge
      One Month Later
    • One Month Later
      Uranus_enjoyer earned a badge
      One Month Later
    • Week One Done
      Philsl earned a badge
      Week One Done
    • Week One Done
      Jaclidio hoy earned a badge
      Week One Done
  • Popular Contributors

    1. 1
      +primortal
      435
    2. 2
      ATLien_0
      158
    3. 3
      +FloatingFatMan
      146
    4. 4
      Nick H.
      65
    5. 5
      +thexfile
      62
  • Tell a friend

    Love Neowin? Tell a friend!