How Do You Troubleshoot the nmap Results “Host seems down” when the Other Server is Not Down?

Problem scenario
Two servers have a specific incoming port open between them. But when you try nmap to test the port, you get a message like this:

Starting Nmap 7.60 ( ) at 2019-10-08 19:57 UTC
Note: Host seems down. If it is really up, but blocking our ping probes, try -Pn
Nmap done: 1 IP address (0 hosts up) scanned in 3.04 seconds

What should you do?

Possible solution #1
Try to use "sudo" before your nmap command. You can find that port 22 is open via SSH or with "sudo nmap -p 22 x.x.x.x" or with "nmap -Pn x.x.x.x" or with using SSH. Just using "nmap -p 22 x.x.x.x" can show that "Host seems down". To learn more about the differences with "sudo" see this posting.

Possible solution #2
Try internal or external IP addresses. Some security rules governing the endpoints (or devices) filter based on the originating IP address.

Possible solution #3
Double check the IP addresses; human error can make this symptom seem to appear. Use traceroute or tracert between the servers.

Possible solution #4
Have ICMP packets been turned off in the intermediate network devices? Try to use ping to see if it works. nmap results can show nothing, but ping may tell you something.

Possible solution #5
Configure security groups, network security groups, firewalls, routers, and/or IDSes between the endpoints. Incoming or outgoing ports can be filtered. Open more ports between the two hosts. If a firewall or security group is blocking some ports, this could happen. Surgically opening the port you are testing in an Amazon Security Group would not be sufficient to have nmap show it is open.

Possible solution #6
See this posting.

Leave a comment

Your email address will not be published. Required fields are marked *