Subject: Nmap Not Working Properly in Docker Container

Hi everyone,

I have a Python script that successfully retrieves the IP addresses of devices connected to a router on Windows, but it doesn’t work in a Docker container. I’m using Nmap to scan the devices, and I suspect it’s not functioning correctly within the container. Could anyone provide a solution or suggest any necessary configurations to get Nmap working properly in Docker?

Thanks in advance!

Based on the tags of the topic, you are using Linux containers and you have a Python script that works on Windows, but not on Linux. I don’t think it is a Docker issue, but if you share the script that works on Windows and what error message you get in Linux containers or what “not functioning properly” means exactly, someone could try to help.

1 Like

Thank you for your response; I agree with it. ‘Nmap’ is a tool that is used for scanning devices. I successfully used Nmap on Windows to scan and detect the number of devices connected to a router. However, the same setup does not work on Linux or inside a Docker container.

I installed ‘Nmap’ and the ‘python-nmap’ library, and ran my Python script to retrieve the devices connected to the router. My Python script ran successfully without errors. The logs show an HTTP 200 status code, but Nmap does not seem to perform the scan. Devices are not showing in the output.

Is there a way to fix this? Does Nmap work on Linux, or is there a good alternative for scanning connected devices?

I know what nmap is, I just don’t know how python-nmap implements it. But since you are using a Windows host and running Linux containers, you are most likely using Docker Desktop, not just the “simple” Docker, Docker CE. So you have a virtual machine and a complex system in it where Docker CE is actually running in a container. So you can test nmap without Python first and see if that makes a difference:

docker run --rm -it nicolaka/netshoot <nmap command here>

I did this:

docker run --rm -it nicolaka/netshoot nmap -sP 192.168.100.0/24

I ran it on my macOS host without containers

nmap -sP 192.168.100.0/24

That returned the actual running machines. But I started a Multipass VM and executed the same command in it in an Ubuntu 24.04 Linux. The result was the same. Then I tried to run the docker command in that virtual machine and I still got the same result. Then I ran the Docker command on my macOS host, and it returned every single IP address in the subnet. I obviously don’t have 255 running machines in my network.

Starting Nmap 7.95 ( https://nmap.org ) at 2025-01-31 21:47 UTC
Nmap scan report for 192.168.100.0
Host is up (0.00062s latency).
Nmap scan report for 192.168.100.1
Host is up (0.0032s latency).
Nmap scan report for 192.168.100.2
Host is up (0.0026s latency).

....

Nmap scan report for 192.168.100.255
Host is up (0.0026s latency).
Nmap done: 256 IP addresses (256 hosts up) scanned in 12.10 seconds

This command took time, but not much. Just a couple of seconds. Then I ran the same Docker command on my Windows host, where it took much more time and I almost stopped it, thinking it was just hanging, but it finished the scanning eventually and returned the same as I got on my macOS from the Docker container in Docker Desktop.

So I assume that nmap is doing its job, but there is something in Docker Desktop which makes nmap think that there are 255 running machines in the network, and scanning that takes a lot of time on Windows (350 seconds), so the Python script could also time out.

I don’t have an answer why. It could be something Windows related or something in the implementation of Docker Desktop on Windows as it is a little bit different on each platform to make it work similarly on each platform.

If you can reproduce the same result, you can ask about this on GitHub

2 Likes
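
A sanity check for the symptom shown in this thread, added here as an example and not code from any poster: it parses `nmap -sP` normal output and flags a result in which every address, including the subnet's network and broadcast addresses, is reported up. The sample text is constructed from the output quoted above, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample shaped like the output quoted in the thread (middle elided).
SAMPLE = """\
Starting Nmap 7.95 ( https://nmap.org ) at 2025-01-31 21:47 UTC
Nmap scan report for 192.168.100.0
Host is up (0.00062s latency).
Nmap scan report for router.lan (192.168.100.1)
Host is up (0.0032s latency).
Nmap scan report for 192.168.100.255
Host is up (0.0026s latency).
Nmap done: 256 IP addresses (256 hosts up) scanned in 12.10 seconds
"""

REPORT = re.compile(r"^Nmap scan report for (?:\S+ \()?(\d+\.\d+\.\d+\.\d+)\)?$")
DONE = re.compile(r"^Nmap done: (\d+) IP address(?:es)? \((\d+) hosts? up\)")

def parse_ping_scan(text):
    """Return (hosts_up, scanned, up_count) from nmap normal output."""
    hosts, current, scanned, up = [], None, None, None
    for line in text.splitlines():
        line = line.strip()
        m = REPORT.match(line)
        if m:
            current = ipaddress.ip_address(m.group(1))
        elif line.startswith("Host is up") and current is not None:
            hosts.append(current)
            current = None
        else:
            m = DONE.match(line)
            if m:
                scanned, up = int(m.group(1)), int(m.group(2))
    return hosts, scanned, up

def sanity_check(text, cidr):
    """List reasons the scan result should not be trusted as a device inventory."""
    net = ipaddress.ip_network(cidr)
    hosts, scanned, up = parse_ping_scan(text)
    reasons = []
    if scanned and up == scanned and scanned >= net.num_addresses:
        reasons.append("every scanned address reported up")
    for special, label in ((net.network_address, "network"), (net.broadcast_address, "broadcast")):
        if special in hosts:
            reasons.append(f"{label} address {special} reported up")
    return reasons
```

An empty list from `sanity_check` means none of these red flags were found; it does not prove the inventory is complete.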

Thank you! I got a very helpful answer from you. Thanks for your help.

Thank you for your response. Your guidance has been accurate, and I followed your instructions, which worked as expected. However, I would like to clarify that my goal is to retrieve the IP addresses of only the reachable devices connected to the router, rather than all devices.

Here are the steps I have followed:

  1. I have Python IDLE installed on my Windows PC, along with a Python script designed to retrieve the IP addresses of devices connected to the router.
  2. Initially, when running the script, no output was generated.
  3. After downloading and installing the Nmap tool from “Download the Free Nmap Security Scanner for Linux/Mac/Windows”, I reran the script, and the expected output was successfully generated, meaning it retrieved the IP addresses of only the reachable devices connected to the router, rather than all devices.

My question now is whether it is possible to use Nmap within a Docker container or VMware Ubuntu to perform network scanning and retrieve the IP addresses of only the reachable devices. If this is feasible, could you kindly guide me on how to achieve this?

That was quite obvious to me. As I wrote before, this is a Docker Desktop behavior and I can’t tell you why. It is not Docker or VMware or anything else, but Docker Desktop. I can’t say anything other than what I wrote in my previous post. Please, report the issue on GitHub where developers can see it. I could report it too, but I never needed nmap in a container running in Docker Desktop, so you could explain better why it is needed so the developers can prioritize the issue based on that. If you can report it, please share the link to the issue in this topic too so other users can find it.

1 Like