I can’t find my switch’s IP with either ARP or ICMP scans using nmap

My switch is a TP-Link TL-SG105E, perfectly functional, but I can’t access it because it’s somehow hidden from the network. I used tools like Netdiscover:

netdiscover -i wlp2s0 -r 192.168.0.0/24

and Nmap:

nmap -PR 192.168.1.0/24
nmap -sP 192.168.1.0/24

and I tried to find it via open port 80:

nmap -p 80 192.168.1.0/24

And many other tests. All of them gave me the same result, but not my switch’s IP or MAC address. I’m wondering how it is possible that a fully functional device, whose operating system I could previously even identify, now can’t be found on the network and still works without responding to the ARP, ICMP or HTTP protocols. It’s not even listed in the router’s DHCP address table. How can it still work? And how can it not be found after scanning the network? And for those who wonder, I hit the reset button and it’s still the same.

Thank you all for your time.

Nmap scanning with and without proxychains has different behaviour

I’m doing an nmap scan from my own machine to my own machine. First of all I set port 333 to listen with this command: sudo nc -lvnp 333

On the other terminal I run sudo nmap -O -sV -p 0-65535 IP where IP is my local IP. The result I got on the nmap terminal is this one:

[Screenshot of the nmap output]

But on the terminal where I opened the port, the process finishes and I have this message:

    root@kali:~$ sudo nc -lvnp 333
    listening on [any] 333 ...
    connect to [IP] from (UNKNOWN) [IP] 47462

I got curious and tried to do the same thing with proxychains, just to check which IP would appear, so I ran sudo proxychains nmap -O -sV -p 0-65535 IP

The result on the nmap terminal was different, I guess because of the limitations of nmap through a proxy that I read about in other places:

[Screenshot of the nmap output]

But when I checked the nc terminal, the process hadn’t finished and it doesn’t seem to have noticed that a scan was checking that port. What is the reason that the scan was stealthy with proxychains?

Host not connected to my router shows up in a nmap scan

After scanning my local network with nmap, this host shows up listed as an nmap result, but it is the only host that shows on nmap that is not listed as a client on my router’s list of connected devices.

    ❯ nmap 192.168.0.xxx -A
    Starting Nmap 7.80 ( https://nmap.org ) at 2020-04-21 14:33 -03
    Nmap scan report for 192.168.0.xxx
    Host is up (0.0056s latency).
    Not shown: 998 closed ports
    PORT     STATE SERVICE VERSION
    6666/tcp open  upnp    MiniUPnP 1.6 (Linksys/Belkin WiFi range extender; SDK 4.1.2.0; UPnP 1.0; MTK 2.001)
    |_irc-info: Unable to open connection
    8888/tcp open  upnp    MiniUPnP 1.6 (Linksys/Belkin WiFi range extender; SDK 4.1.2.0; UPnP 1.0; MTK 2.001)

    Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
    Nmap done: 1 IP address (1 host up) scanned in 37.47 seconds

What exactly about this host might be causing it to show on nmap in my local network if it’s not connected to my router?

nmap script “smb-os-discovery.nse” does not output information about the host OS?

I was following this Lynda course.

https://www.linkedin.com/learning/ethical-hacking-enumeration/enumerating-smb-from-linux-episode-1

The instructor used this script to detect the OS of the target system.

nmap --script /usr/share/nmap/scripts/smb-os-discovery.nse 192.168.56.3 

I have an OWASP box VM and Kali Linux running in a host-only network in VirtualBox.

192.168.56.3 is the IP of OWASP. I’m running the above command from Kali Linux.

The output is

    Starting Nmap 7.70 ( https://nmap.org ) at 2020-04-21 01:00 CDT
    mass_dns: warning: Unable to determine any DNS servers. Reverse DNS is disabled. Try using --system-dns or specify valid servers with --dns-servers
    Nmap scan report for 192.168.56.3
    Host is up (0.00045s latency).
    Not shown: 991 closed ports
    PORT     STATE SERVICE
    22/tcp   open  ssh
    80/tcp   open  http
    139/tcp  open  netbios-ssn
    143/tcp  open  imap
    443/tcp  open  https
    445/tcp  open  microsoft-ds
    5001/tcp open  commplex-link
    8080/tcp open  http-proxy
    8081/tcp open  blackice-icecap
    MAC Address: 08:00:27:FE:F6:AC (Oracle VirtualBox virtual NIC)

A port scan is done but the OS detection part in the script is not performed.

For example this is the output shown in the tutorial

[Screenshot of the output shown in the tutorial]

Nmap scan is not showing all devices in my network

I have an Android device that runs Android 9 and another Android device that runs Android 6. I shared the Android 9 device’s internet with the Android 6 device through a Wi-Fi connection. Then I shared the Android 6 device’s internet with my computer (which runs Linux) through the USB Tethering option. Then on my computer, I ran the command sudo nmap -sn <my_network_address>

It only showed my Android 6 device’s IP address and my computer’s IP address. It does not show my Android 9 device in that list.

I want to know why this happens.

Thanks in advance.

Why does nmap scan ports on my default gateway?

I tried to use nmap on my computer and saw that nmap can’t find anything for my local computer’s IP (even though HTTPS is absolutely open).

But when I tried to scan with nmap over a range of IPs, I saw that the only open ports nmap found were on the default gateway IP.

Why is that? (I can’t find anything on the web.)

Edit: I have been asked to give an example.

So let’s say my default gateway (router) IP is 1.1.1.1, my first computer’s local IP is 1.1.1.2 and my second computer’s local IP is 1.1.1.3.

When I try nmap (with different parameters) on 1.1.1.2 or 1.1.1.3, I don’t get any open ports (“all 1000 ports are closed”),

but when I try nmap on 1.1.1.1, I get 12 open ports (that I believe are open on my first or second computer).

nmap host up but reason = no-response

I have a strange situation. My scanning machine is on networkA and the target is on networkB. Those networks are managed by IP pools in a Cisco ASA.

When I nmap the target with -Pn -sS --reason, I get as results the following:

Host is up ; port is filtered ; reason = no-response 

What doesn’t make sense is Host is up. It should not be there since there is no routing between those pools.

What do you think of that?

How do I see the incoming traffic into my VM during the Nmap scan? [closed]

I’m testing this decoy feature from nmap, and pretending to be a bad guy. I will run it against my own VM.

sudo nmap -sS -sV 142.93.112.115 -D 192.168.0.3,10.0.0.2,172.33.22.1 

If I SSH into my server, how do I see the incoming traffic into my VM (Ubuntu) during the Nmap scan?

I’ve tried netstat -plant, and iftop, not so good.
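
One way to see the scan from the target’s side, added here as an example and not part of the original post: capture inbound bare SYNs with tcpdump and tally the distinct ports each source probes. The capture lines are constructed, 203.0.113.50 and 198.51.100.9 are placeholder addresses (the first stands in for the scanner’s real address), and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed capture lines (not from the post), in the text format printed by:
#   sudo tcpdump -nn -i any 'tcp[tcpflags] & (tcp-syn|tcp-ack) == tcp-syn'
# 203.0.113.50 is a placeholder for the scanner's real address.
SAMPLE = """\
14:33:01.000101 IP 192.168.0.3.40001 > 142.93.112.115.22: Flags [S], seq 1000, win 1024, options [mss 1460], length 0
14:33:01.000115 IP 10.0.0.2.40001 > 142.93.112.115.22: Flags [S], seq 1000, win 1024, options [mss 1460], length 0
14:33:01.000130 IP 203.0.113.50.40001 > 142.93.112.115.22: Flags [S], seq 1000, win 1024, options [mss 1460], length 0
14:33:01.000142 IP 172.33.22.1.40001 > 142.93.112.115.22: Flags [S], seq 1000, win 1024, options [mss 1460], length 0
14:33:01.010201 IP 192.168.0.3.40001 > 142.93.112.115.80: Flags [S], seq 2000, win 1024, options [mss 1460], length 0
14:33:01.010214 IP 10.0.0.2.40001 > 142.93.112.115.80: Flags [S], seq 2000, win 1024, options [mss 1460], length 0
14:33:01.010229 IP 203.0.113.50.40001 > 142.93.112.115.80: Flags [S], seq 2000, win 1024, options [mss 1460], length 0
14:33:01.010240 IP 172.33.22.1.40001 > 142.93.112.115.80: Flags [S], seq 2000, win 1024, options [mss 1460], length 0
14:33:01.020301 IP 192.168.0.3.40001 > 142.93.112.115.443: Flags [S], seq 3000, win 1024, options [mss 1460], length 0
14:33:01.020313 IP 10.0.0.2.40001 > 142.93.112.115.443: Flags [S], seq 3000, win 1024, options [mss 1460], length 0
14:33:01.020327 IP 203.0.113.50.40001 > 142.93.112.115.443: Flags [S], seq 3000, win 1024, options [mss 1460], length 0
14:33:01.020339 IP 172.33.22.1.40001 > 142.93.112.115.443: Flags [S], seq 3000, win 1024, options [mss 1460], length 0
14:33:02.500000 IP 198.51.100.9.51512 > 142.93.112.115.443: Flags [S], seq 4000, win 64240, options [mss 1460], length 0
"""

LINE = re.compile(
    r"^\S+ IP (?P<src>\d+\.\d+\.\d+\.\d+)\.\d+ > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+): Flags \[(?P<flags>[^\]]+)\]"
)

def ports_probed(capture, target):
    """Map each source IP to the set of target ports it sent a bare SYN to."""
    seen = defaultdict(set)
    for line in capture.splitlines():
        m = LINE.match(line)
        if m and m["dst"] == target and m["flags"] == "S":
            seen[m["src"]].add(int(m["dport"]))
    return dict(seen)

def likely_scanners(capture, target, min_ports=3):
    """Sources that probed at least min_ports distinct ports on the target."""
    probed = ports_probed(capture, target)
    return sorted(src for src, ports in probed.items() if len(ports) >= min_ports)

if __name__ == "__main__":
    for src, ports in ports_probed(SAMPLE, "142.93.112.115").items():
        print(f"{src:15} -> {sorted(ports)}")
```

In this constructed capture the three decoy addresses from the command show the same probe pattern as the placeholder scanner address, so the per-source tally flags the scan but does not by itself say which source is the real one.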