Meraki

Community

NMAP scans on Meraki networks

Solved
Nemo
Here to help
‎Jun 25 2020 10:54 AM
‎Jun 25 2020 10:54 AM

NMAP scans on Meraki networks

Hello

 

I'm starting to play around with using NMAP to run various host discovery and port scans against clients on our network.  I have a client VPN subnet and I am scanning against other subnets that are connected by site to site vpn.  I have a site to site outbound firewall rule that allows any/any from the client vpn subnet to the target subnets.

 

My expectation is that I should get answers from hosts that are up and set to reply to the discovery scan and that I should  get no reply from IP addresses that are not in use.  However I continually get results that show all hosts are up on a subnet.  Even when I know that there is no host associated with a particular address.  

 

Is this expected behavior from Meraki firewalls?  Do they just reply to all requests even if there is no client there?  Is this behavior documented somewhere so that I can review and try to understand what's going on?  

 

Thanks!

1 Accepted Solution
Nemo
Here to help
‎Jun 25 2020 1:05 PM
‎Jun 25 2020 1:05 PM

Just following up on my own post incase anyone else ever has this issue.  

 

I'm running nmap from a vm and I think the source of the problem has more to do with the way the vm attaches to the network.  There appears to be some sort of proxy going on that is interfering with nmaps ability to scan the targets directly.  I've seen some posts discussing running the vm in a bridged mode but my situation is complicated by the fact that I am also connected to the meraki network through client vpn and I'm not finding an easy way to bridge the vm connection to the client vpn.  I'm going to look into creating a client vpn connection from within the vm and try to resolve the issue that way.  

 

Either way, it appears that my results have nothing to do with meraki or nmap but more to do with running from within a vm and how it attaches to the network.

View solution in original post

2 Replies 2
Nemo
Here to help
‎Jun 25 2020 1:05 PM
‎Jun 25 2020 1:05 PM

Just following up on my own post incase anyone else ever has this issue.  

 

I'm running nmap from a vm and I think the source of the problem has more to do with the way the vm attaches to the network.  There appears to be some sort of proxy going on that is interfering with nmaps ability to scan the targets directly.  I've seen some posts discussing running the vm in a bridged mode but my situation is complicated by the fact that I am also connected to the meraki network through client vpn and I'm not finding an easy way to bridge the vm connection to the client vpn.  I'm going to look into creating a client vpn connection from within the vm and try to resolve the issue that way.  

 

Either way, it appears that my results have nothing to do with meraki or nmap but more to do with running from within a vm and how it attaches to the network.

In response to Nemo
CptnCrnch
Kind of a big deal
Kind of a big deal
‎Jun 25 2020 11:27 PM
‎Jun 25 2020 11:27 PM

Good finding, thanks for the update!

0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.