# [solved] can't scan my UML with nmap although a ping works

## toralf

My host system is 192.168.0.254 (n22.n22_domain), the tap0 device to the User Mode Linux is 192.168.0.253 (n22_tun), the UML itself has an ip address  of 192.168.0.50 (n2_uml.uml_domain) and this works :

```
tfoerste@n22 ~ $ ping -c 3 n22_uml                        

PING n22_uml.uml_domain (192.168.0.50) 56(84) bytes of data.

64 bytes from n22_uml.uml_domain (192.168.0.50): icmp_seq=1 ttl=64 time=0.172  ms

64 bytes from n22_uml.uml_domain (192.168.0.50): icmp_seq=2 ttl=64 time=0.171  ms

64 bytes from n22_uml.uml_domain (192.168.0.50): icmp_seq=3 ttl=64 time=0.161  ms

--- n22_uml.uml_domain ping statistics ---

3 packets transmitted, 3 received, 0% packet loss, time 1999ms

rtt min/avg/max/mdev = 0.161/0.168/0.172/0.005 ms             

tfoerste@n22 ~ $ /usr/sbin/tracepath n22_uml        

 1:  n22_tun.n22_domain (192.168.0.253)                     0.312ms pmtu 1500

 1:  n22_uml.uml_domain (192.168.0.50)                      0.196ms reached  

 1:  n22_uml.uml_domain (192.168.0.50)                      0.103ms reached  

     Resume: pmtu 1500 hops 1 back 64                                        

```

However this not :

```
22 /usr/portage/net-analyzer/nmap #  nmap n22_uml

Starting Nmap 4.76 ( http://nmap.org ) at 2010-03-09 22:06 CET

Note: Host seems down. If it is really up, but blocking our ping probes, try -PN

Nmap done: 1 IP address (0 hosts up) scanned in 0.27 seconds

```

although this works :

```
n22 /usr/portage/net-analyzer/nmap #  nmap --unprivileged n22_uml

Starting Nmap 4.76 ( http://nmap.org ) at 2010-03-09 22:06 CET

Interesting ports on n22_uml.uml_domain (192.168.0.50):

Not shown: 997 closed ports

PORT    STATE SERVICE

22/tcp  open  ssh

53/tcp  open  domain

111/tcp open  rpcbind

Nmap done: 1 IP address (1 host up) scanned in 0.10 seconds
```

I'm pretty sure that this behavior is new (which means happens since some weeks or few month) but why does a normal nmap scan doesn't work anymore ?

I downgraded nmap to 4.76 (I'm pretty sure it worked) but nowadays this version doesn't work.Last edited by toralf on Wed Mar 10, 2010 5:41 pm; edited 1 time in total

----------

## malern

Sounds like it can't capture raw packets from the tap0 interface for some reason. The "unprivileged" mode works by using the standard networking system calls, so wouldn't be affected. 

You could try adding "-e tap0", just to make sure it's using the right interface.

Also, it could be the version of libpcap you're using that is causing the problem, have you tried downgrading/upgrading that?

----------

## toralf

 *malern wrote:*   

> You could try adding "-e tap0", just to make sure it's using the right interface.

 That was it - thx  :Smile: 

----------

