nmap is an amazing utility. With all of it’s flags and options it really gives you the power to know what is out in a network.
I used this to do a simple ping scan of my home network:
# nmap -nsP 192.168.1.0/24
Starting Nmap 5.00 ( http://nmap.org ) at 2013-08-22 09:06 MST
Host 192.168.1.1 is up (0.0051s latency).
MAC Address: 00:18:39:4E:82:60 (Cisco-Linksys)
Host 192.168.1.90 is up.
Nmap done: 256 IP addresses (2 hosts up) scanned in 5.51 seconds
Hosts that allow icmp echo requests will show up. I can see my router and my workstation, but no other hosts (no other pingable hosts at least). I’m looking for a RPi that I recently plugged into the network. It doesn’t look like it’s up. Time to drag out the spare monitor and keyboard…
When troubleshooting network connectivity issues the best method is to begin with the lower layers of the OSI model and work your way up until you eliminate the problem. It’s similar to the way some people troubleshoot helpdesk issues, where the first question is always “is it plugged in?”
Suppose you have 2 hosts, and you are trying to do an snmp query from one to the other. It doesn’t work.
# snmpwalk -v2c -c public 10.210.0.142
Timeout: No Response from 10.210.0.142
You try pinging one from the other and you get replies. At this point you know that everything is working through layer 3, but something is not right with the transport layer. If you were troubleshooting a TCP based application, you could just use ol’
telnet to test if the port will open up. To see if a webserver is running you could try to
telnet to port 80. UDP is a connectionless protocol, and can’t be tested like TCP. Here is where you can use
nmap to see if the UDP port in question is open. In this case we know that by default snmpd listens on UDP 161.
# nmap -sU -v -p161 10.210.0.142
Starting Nmap 5.00 ( http://nmap.org ) at 2013-04-24 11:27 MST
NSE: Loaded 0 scripts for scanning.
Initiating ARP Ping Scan at 11:27
Scanning 10.210.0.142 [1 port]
Completed ARP Ping Scan at 11:27, 0.03s elapsed (1 total hosts)
Initiating UDP Scan at 11:27
Scanning example.fordodone.com (10.210.0.142) [1 port]
Completed UDP Scan at 11:27, 0.07s elapsed (1 total ports)
Host example.fordodone.com (10.210.0.142) is up (0.00100s latency).
Interesting ports on example.fordodone.com (10.210.0.142):
PORT STATE SERVICE
161/udp closed snmp
MAC Address: 00:0C:29:A2:BE:4D (VMware)
Read data files from: /usr/share/nmap
Nmap done: 1 IP address (1 host up) scanned in 0.43 seconds
Raw packets sent: 2 (70B) | Rcvd: 2 (98B)
Well, there you go. The port is closed. No wonder our queries were timing out. Remove the
-p161 part to just scan for all open UDP ports. Also, if your host doesn’t allow icmp, you can use
-P0 to just skip host discovery, and assume it’s up. Depending whether they are open, filtered, or closed, you can start to diagnose what’s going on, i.e. snmpd crashed, firewall is blocking it, etc.