I have a simple question that I'm trying to wrap my head around. I know this requires knowledge of my internal network, but at a glance, what do you guys think..
I cannot ping a host in my network (nor can I arping the host), however nmap can detect the host.
Does this mean I have connectivity to the host? Or am I dead in the water?
I have a route to the host in my routes, and iptables is disabled on my server (rhel6).
192.168.6.0 0.0.0.0 255.255.255.128 U 0 0 0 bond2
--- 192.168.6.5 ping statistics ---
6 packets transmitted, 0 received, 100% packet loss, time 5212ms
--- 192.168.6.6 ping statistics ---
2 packets transmitted, 0 received, 100% packet loss, time 1097ms
Nmap scan report for mdc001 (192.168.6.5)
Host is up (0.00017s latency).
MAC Address: 12:34:56:78:90:AB (Hewlett Packard)
Nmap scan report for mdc002 (192.168.6.6)
Host is up (0.00018s latency).
MAC Address: 12:34:56:78:90:AB (Hewlett Packard)
(MAC's modified for obscurity).
What gives? Am I able to communicate with the host or not? Also, there were link-local routes for the interface on that network (bond2), but I removed them just in case.
Diego
Best Answer
You might have a device which is not configured to provide an ICMP echo response (the device replying PONG to your PING in essence). That doesn't mean that it isn't there, and NMAP can use other indicators to decide whether or not a device is really 'UP' or not.
One example would be a 'TCP ping'. In this case NMAP would send a SYN or an ACK packet to a TCP port and see if it responds (NMAP will try Port 80 first according to the documentation), if there is a service listening on the device, it will respond to NMAP's request (thus giving away the fact that the device is really there).