How Do You Troubleshoot Discrepant nmap Results Based on The sudo Command?

Problem scenario
You are using nmap. You try the exact same command with sudo and without sudo. Why are these commands providing different results?

Here are examples of running the exact same command, once with "sudo" and once without:

jdoe@ciserver:~$ sudo nmap -p 9090 192.168.2.25
Starting Nmap 7.80 ( https://nmap.org ) at 2022-01-05 09:56 EST
Nmap scan report for 192.168.2.25
Host is up (0.00056s latency).

PORT     STATE  SERVICE
9090/tcp closed zeus-admin
MAC Address: 08:00:27:32:27:2C (Oracle VirtualBox virtual NIC)

Nmap done: 1 IP address (1 host up) scanned in 0.25 seconds
jdoe@ciserver:~$ nmap -p 9090 192.168.2.25
Starting Nmap 7.80 ( https://nmap.org ) at 2022-01-05 09:56 EST
Note: Host seems down. If it is really up, but blocking our ping probes, try -Pn
Nmap done: 1 IP address (0 hosts up) scanned in 0.07 seconds

Why is there a discrepancy in the output?

Solution/Answer
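Run both commands with the -vv flag. The verbose output shows that with sudo, nmap performs host discovery with an "ARP Ping Scan", whereas without sudo it uses a regular "Ping Scan." Without root privileges nmap cannot send raw packets such as ARP requests, so it falls back to ordinary TCP connection attempts, which the target may not answer. To learn why these are so different, see https://nmap.org/book/man-host-discovery.html.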
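To compare the two runs side by side, the following added example (not part of the original post) pulls the host-discovery phase and the resulting host state out of nmap -vv output. The function name discovery_summary is hypothetical, and the two sample outputs are constructed, modelled on the scans shown above.

```shell
#!/bin/sh
# Added example: report which host-discovery probe an `nmap -vv` run used.

# Reads `nmap -vv` output on stdin; prints "<discovery phase>|<host state>".
discovery_summary() {
    awk '
        # -vv announces each phase as "Initiating <name> at HH:MM".
        # The first phase whose name contains "Ping Scan" is host discovery.
        /^Initiating .*Ping Scan at / && method == "" {
            line = $0
            sub(/^Initiating /, "", line)
            sub(/ at .*/, "", line)
            method = line
        }
        /^Host is up/     { state = "up" }
        /Host seems down/ { state = "down" }
        END {
            if (method == "") method = "none"   # e.g. -Pn, or no -vv given
            if (state == "")  state = "unknown"
            print method "|" state
        }'
}

# Constructed sample: privileged run on the local Ethernet segment.
SUDO_SAMPLE='Starting Nmap 7.80 ( https://nmap.org ) at 2022-01-05 09:56 EST
Initiating ARP Ping Scan at 09:56
Scanning 192.168.2.25 [1 port]
Completed ARP Ping Scan at 09:56, 0.03s elapsed (1 total hosts)
Initiating SYN Stealth Scan at 09:56
Nmap scan report for 192.168.2.25
Host is up, received arp-response (0.00056s latency).'

# Constructed sample: unprivileged run against the same host.
USER_SAMPLE='Starting Nmap 7.80 ( https://nmap.org ) at 2022-01-05 09:56 EST
Initiating Ping Scan at 09:56
Scanning 192.168.2.25 [2 ports]
Completed Ping Scan at 09:56, 0.00s elapsed (1 total hosts)
Note: Host seems down. If it is really up, but blocking our ping probes, try -Pn'

printf '%s\n' "$SUDO_SAMPLE" | discovery_summary   # ARP Ping Scan|up
printf '%s\n' "$USER_SAMPLE" | discovery_summary   # Ping Scan|down

# Live use (same target as above):
#   sudo nmap -vv -p 9090 192.168.2.25 | discovery_summary
#   nmap -vv -p 9090 192.168.2.25      | discovery_summary
```

If the two summaries differ in the first field, the discrepancy comes from host discovery rather than from the port scan itself.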

See also this posting or Possible Solution #4 and the "**" at the end of this posting.
