Develop Reference

nmap to scan MAC address for remote machine by non-ROOT user

Env- Centos 7 , nmap 6.40
Currently I'm trying to fetch MAC/HW addresses for few list of IP's via nmap command utility and with root user its working perfectly.
As root user
nmap -sP -PE -iL <list-of-IPs>
Starting Nmap 6.40 ( http://nmap.org ) at 2018-06-19 07:05 EDT
Nmap scan report for 192.168.xx.xx
Host is up (0.0015s latency).
MAC Address: XX:XX:XX:XX:XX:XX
As non-root user
nmap -sP -PE -iL <list-of-IPs>
Warning: You are not root -- using TCP pingscan rather than ICMP
Starting Nmap 6.40 ( http://nmap.org ) at 2018-06-19 07:19 EDT
Note: Host seems down. If it is really up, but blocking our ping probes, try -Pn
Nmap done: 1 IP address (0 hosts up) scanned in 2.01 seconds
Requesting your suggestion/help how the same to be achieve via normal user.
Thanks

Nmap must be run as root in order to retrieve this information. Fortunately, there are other sources of MAC address information on a Linux system: the system's ARP tables. After making an attempt to contact an IP address (either using Nmap or some other tool like ping), run arp -n to print the table of IP-to-MAC address mappings.

It is possible to run nmap as non-root user. This Wiki describes pretty good how to set everything up to run it as an unprivileged user. The linked tutorial also describes this for Ubuntu and Red Hat systems, which should be good for you since you are on CentOS.
I think it is important to keep this security warning in mind:
WARNING: This is dangerous. The Nmap Scripting Engine (NSE) allows scripts to sniff the network, change firewall roules and interface configuration, or exploit vulnerabilities including on localhost. It's possible, especially with elevated capabilities, for a clever person to use Nmap and NSE to escalate to full root privileges. If you do not understand these risks, do not do this.
Summary from the Wiki:
1. Restrict access to certain groups, for example adm. Make sure that you use the right location of nmap. In my case, this was /usr/bin/nmap:
sudo chgrp adm /usr/bin/nmap
sudo chmod 750 /usr/bin/nmap
2. Make sure the setcap command is installed (more information about capabilities here):
sudo yum install libcap
3. Now, set the capabilities. Once again, make sure to use the right location.
sudo setcap cap_net_raw,cap_net_admin,cap_net_bind_service+eip /usr/bin/nmap
4. Finally, you are able to run nmap as unprivileged user. But, you have to explicitly define that you want to do so. You can define it as an argument of nmap
nmap --privileged -sP -PE -iL <list-of-IPs>
or as an environmental variable:
export NMAP_PRIVILEGED=""
Edit: I don't exactly know why this answer is being down-voted since this is one possible answer to the question (although the question is of course better suited for Super User or Unix & Linux Stack Exchange). I added the results from my own systems with and without --privileged below:
$ nmap -sP -PE 192.168.0.1
Warning: You are not root -- using TCP pingscan rather than ICMP
Starting Nmap 7.60 ( https://nmap.org ) at 2018-06-20 08:52 CEST
Nmap scan report for <HOST NAME> (192.168.0.1)
Host is up (0.0011s latency).
Nmap done: 1 IP address (1 host up) scanned in 0.03 seconds
$ nmap --privileged -sP -PE 192.168.0.1
Starting Nmap 7.60 ( https://nmap.org ) at 2018-06-20 08:52 CEST
Nmap scan report for <HOST NAME> (192.168.0.1)
Host is up (0.0014s latency).
MAC Address: XX:XX:XX:XX:XX:XX (<MANUFACTURER NAME>)
Nmap done: 1 IP address (1 host up) scanned in 0.32 seconds

What is the meaning of the command `sudo nmap -sP -n 192.168.0.0-255`?

What is the meaning of the following command and why its not given at help menu of nmap?
Sample command: sudo nmap -sP -n 192.168.0.0-255
Sample output:
Starting Nmap 7.60 ( https://nmap.org ) at 2017-10-14 16:09 +06
Nmap scan report for 192.168.0.1
Host is up (0.0035s latency).
MAC Address: 20:L6:A7:55:3D:44 (D-link Technologies)
Nmap scan report for 192.168.0.104
Host is up (0.20s latency).
MAC Address: 18:97:F8:15:26:D9 (Zen Mobile Communication Technology)
Nmap scan report for 192.168.0.118
Host is up.
Nmap done: 256 IP addresses (3 hosts up) scanned in 6.31 seconds
What does -sP mean and why is it used?
This command works properly, but it is not listed to man and help menu.
Please elaborate the circumstances.

From the man page:
In previous releases of Nmap, -sn was known as -sP..

Scanning using nmap

folks.Is there away to use nmap to scan for open resolvers in ones network.I have this command from the nmap page but it seems itsnot working
nmap -sU -p 53 --script=dns-recursion <target>

I did the command and It is working as spected.
[root#Golgota /home/test]# nmap -sU -p 53 --script=dns-recursion 8.8.8.8
Starting Nmap 6.47 ( http://nmap.org ) at 2015-02-26 22:39 CET
Nmap scan report for google-public-dns-a.google.com (8.8.8.8)
Host is up (0.021s latency).
PORT STATE SERVICE
53/udp open domain
|_dns-recursion: Recursion appears to be enabled
Nmap done: 1 IP address (1 host up) scanned in 0.50 seconds

Opening a port with iptables doesn't work

I want to open a port on Debian with iptables -A INPUT -p tcp --dport 80 -j ACCEPT, but it's not working. When I scan the localhost:
root#debian:~# nmap -p 80 localhost
Starting Nmap 6.00 ( http://nmap.org ) at 2014-08-27 12:38 CEST
Nmap scan report for localhost (127.0.0.1)
Host is up (0.00033s latency).
Other addresses for localhost (not scanned): 127.0.0.1
PORT STATE SERVICE
80/tcp closed http
Nmap done: 1 IP address (1 host up) scanned in 0.14 seconds
I can't connect with netcat:
root#debian:~# nc -vv localhost 80
localhost [127.0.0.1] 80 (?) : Connection refused
sent 0, rcvd 0
But it's on the iptables:
root#debian:~# iptables -L
...
ACCEPT tcp -- anywhere anywhere tcp dpt:80
...
I've also opened the port to the internet with NAT on my router.
I'm using Debian 3.2.0-4 on i368.

You need something to listen this port to accept connections. Web server for example.
Run this to see if you have a running server that listen 80 port:
netstat -ntlup | grep 80

nmap says port is closed while nestat says it's listening

This is Ubuntu 12.04 env. I have a TCP service running on port 8020 on the box:
My question is:
Why port 8020 is not discovered in nmap as an open port while nestat says it's listening?
if i run
netstat -tuplen
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State User Inode PID/Program name
tcp 0 0 127.0.0.1:9001 0.0.0.0:* LISTEN 0 10564 1917/python
tcp 0 0 127.0.0.1:8020 0.0.0.0:* LISTEN 117 29259 4448/java
But if i run
nmap -v -sT 127.0.0.1
Starting Nmap 5.21 ( http://nmap.org ) at 2012-08-10 08:51 PDT
Initiating Connect Scan at 08:51
Scanning localhost (127.0.0.1) [1000 ports]
Discovered open port 53/tcp on 127.0.0.1
Discovered open port 22/tcp on 127.0.0.1
Discovered open port 9000/tcp on 127.0.0.1
Discovered open port 631/tcp on 127.0.0.1
Discovered open port 9001/tcp on 127.0.0.1
Completed Connect Scan at 08:51, 0.04s elapsed (1000 total ports)
Nmap scan report for localhost (127.0.0.1)
Host is up (0.00046s latency).
rDNS record for 127.0.0.1: hadoop-namenode-01
Not shown: 995 closed ports
PORT STATE SERVICE
22/tcp open ssh
53/tcp open domain
631/tcp open ipp
9000/tcp open cslistener
9001/tcp open tor-orport
Read data files from: /usr/share/nmap
Nmap done: 1 IP address (1 host up) scanned in 0.10 seconds
Raw packets sent: 0 (0B) | Rcvd: 0 (0B)

By default nmap doesn't scan all ports. try this one.
nmap -sT -sU -p- 127.0.0.1

#Satish, you don't need to add -sU which will scan the UDP ports too, and take a while.
nmap -v -p 8020 127.0.0.1
This should be enough and instant.

By default nmap scans only the well know ports.
You specify a port by using the -p parameter.
To scan all ports : nmap -v -p "*" 127.0.0.1
To scan only port 8020 : nmap -v -p 8020 127.0.0.1