I'm trying to use nmap to check which services are running on a given network, but it cannot start just because nmap issues ARP Ping Scans on an IPv4 network, and on an InfiniBand network, as far as I know, there's no ARP, because broadcasting is not supported, but you have IP addressing if you're using IPoIB (IP over InfiniBand).

I can confirm that the IP network is working since I can do normal ping, ssh and everything else, but nmap fails.

Here's the output:

# nmap 172.27.0.1-21 -v

Starting Nmap 6.40 ( http://nmap.org ) at 2023-02-04 13:32 -03
Initiating ARP Ping Scan at 13:32
Scanning 21 hosts [1 port/host]
Completed ARP Ping Scan at 13:32, 1.23s elapsed (21 total hosts)
Nmap scan report for 172.27.0.1 [host down]
Nmap scan report for 172.27.0.2 [host down]
Nmap scan report for 172.27.0.3 [host down]
Nmap scan report for 172.27.0.4 [host down]
Nmap scan report for 172.27.0.5 [host down]
Nmap scan report for 172.27.0.6 [host down]
Nmap scan report for 172.27.0.7 [host down]
Nmap scan report for 172.27.0.8 [host down]
Nmap scan report for 172.27.0.9 [host down]
Nmap scan report for 172.27.0.10 [host down]
Nmap scan report for 172.27.0.11 [host down]
Nmap scan report for 172.27.0.12 [host down]
Nmap scan report for 172.27.0.13 [host down]
Nmap scan report for 172.27.0.14 [host down]
Nmap scan report for 172.27.0.15 [host down]
Nmap scan report for 172.27.0.16 [host down]
Nmap scan report for 172.27.0.17 [host down]
Nmap scan report for 172.27.0.18 [host down]
Nmap scan report for 172.27.0.19 [host down]
Nmap scan report for 172.27.0.20 [host down]
Nmap scan report for 172.27.0.21 [host down]
Read data files from: /usr/bin/../share/nmap
Nmap done: 21 IP addresses (0 hosts up) scanned in 1.30 seconds
           Raw packets sent: 42 (1.176KB) | Rcvd: 0 (0B)

Confirming that the network is working:

ping 172.27.0.10
PING 172.27.0.10 (172.27.0.10) 56(84) bytes of data.
64 bytes from 172.27.0.10: icmp_seq=1 ttl=64 time=0.101 ms
64 bytes from 172.27.0.10: icmp_seq=2 ttl=64 time=0.067 ms
64 bytes from 172.27.0.10: icmp_seq=3 ttl=64 time=0.061 ms
64 bytes from 172.27.0.10: icmp_seq=4 ttl=64 time=0.105 ms
^C
--- 172.27.0.10 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 2999ms
rtt min/avg/max/mdev = 0.061/0.083/0.105/0.021 ms

And also TCP:

# ssh 172.27.0.10
Last login: Sat Feb  4 12:28:26 2023 from xxxxxxx
[root@n10 ~]# hostname
n10

How can I use nmap on an IPoIB network?

Vinícius Ferrão

1 Answer

I've figured it out. The -sT flag did the trick, but for reasons that I still don't understand it only works with -P0 or -Pn.

Since I only care about TCP services in this case, -sT was sufficient.

Also, it's important to note that -P0 or -Pn alone also reports that the hosts are down.

So the final command was something like this: nmap -e ib0 <IP_ADDRESS> -v -sT -P0.

Vinícius Ferrão
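
What `-sT` combined with `-Pn` amounts to at the socket level, as an added example that is not part of the original answer: every port is probed with an ordinary `connect()` through the kernel's TCP stack (the same path `ssh` uses), with no host-discovery step beforehand. The function names and the loopback target are constructed for illustration.

```python
import socket
from contextlib import closing


def connect_probe(host, port, timeout=1.0, source_ip=None):
    """Classify one TCP port using a full connect(), as nmap -sT does."""
    with closing(socket.socket(socket.AF_INET, socket.SOCK_STREAM)) as s:
        s.settimeout(timeout)
        if source_ip:
            # Optional: send from a specific local address, e.g. the one on ib0.
            s.bind((source_ip, 0))
        try:
            s.connect((host, port))
            return "open"
        except ConnectionRefusedError:
            return "closed"      # the target answered with a reset
        except OSError:
            return "filtered"    # timeout, unreachable, no route, ...


def connect_scan(hosts, ports, timeout=1.0, source_ip=None):
    """Probe every host/port pair without checking first whether the host is up
    (the -Pn behaviour), so a failed discovery phase cannot hide live hosts."""
    return {
        host: {p: connect_probe(host, p, timeout, source_ip) for p in ports}
        for host in hosts
    }


def demo():
    """Constructed loopback target: one listening port, one bound but not listening."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    idle = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    idle.bind(("127.0.0.1", 0))  # reserved, never listens, so connects are refused
    open_port = listener.getsockname()[1]
    closed_port = idle.getsockname()[1]
    try:
        states = connect_scan(["127.0.0.1"], [open_port, closed_port])["127.0.0.1"]
        return states, open_port, closed_port
    finally:
        listener.close()
        idle.close()


if __name__ == "__main__":
    print(demo())
```

On a real IPoIB segment, `hosts` would be the addresses from the question and `source_ip` the address assigned to `ib0`.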