If I use Nmap with this command line to scan nmap -sU -p 68 -Pn --reason 172.26.228.199 (only UDP port 68 on .199 host)
I get back
Starting Nmap 6.47 ( http://nmap.org ) at 2016-01-11 14:21 Central Standard Time
Nmap scan report for 172.26.228.199
Host is up, received arp-response (0.0045s latency).
PORT STATE SERVICE REASON
68/udp filtered dhcpc port-unreach from 172.26.228.84
MAC Address: 00:0C:29:1D:D8:41 (VMware)
Nmap done: 1 IP address (1 host up) scanned in 1.92 seconds
The response from the .84 is the host OS that is running windows 10 with vmware workstation pro v12.0.0 and NOT the .199 guest OS. I have tried this with a Kali guest as well and got same results.
I am using bridge mode. I also, tried disabling the DHCP options for both the the host only and nat networks as well as disabling and unchecking the connect host to virt adapter and no change.
I discovered this while trying to lock down all ports on a guest OS with the firewall and could do it except for port 68 then I added the --reason and saw this.
Thanks for any help
I use Win10 host and Fedora 23 Guest to have a try
Here is my result:
Host is up, received arp-response (0.00s latency).
PORT STATE SERVICE REASON
68/udp filtered dhcpc host-prohibited ttl 64
MAC Address: 00:0C:29:72:68:29 (VMware)
Nmap done: 1 IP address (1 host up) scanned in 1.29 seconds
Is there any difference with your setup?
Hmm, maybe your guest OS is actually sending a reply and mine is not? I would be curious what a windows guest would do and then with windows firewall on the guest to block all incoming UDP.
Also, I don't know if this has anything to do with it but I am on a Lenovo with Intel I217-LM with the Advanced Networking Services driver (Prowinx64.exe)
So I removed the Lenovo with Intel I217-LM with the Advanced Networking Services driver (Prowinx64.exe) and went back to the standard driver windows finds for that NIC.
Still get a response from the host when scanning guest.
Also, uninstalled VMware workstation and reinstalled.
Same.
You were scanning from a separate physical PC to the VM guest right?
Yes, i use a separate Win7 PC to execute the scanning