Can't get nmap to work inside Docker

I’m using nmap as device tracker and my hass is running in a Docker container.
I find that the command does not return the MAC address of the devices on the network, hence they never get added to known_devices.yaml.
Adding them manually they show up in the front-end, but never change state (always away).
I have added setcap to my Docker instance:

apt-get install libcap2-bin
in order to run the commands:

setcap cap_net_raw,cap_net_admin,cap_net_bind_service+eip /usr/bin/nmap

But this seemingly makes no difference.

Could the problem be that the nmap command is not run with ‘sudo’?

Since running nmap -oX - 192.168.1.0/24 -F --host-timeout 5s does not include MAC address in the output whereas running sudo nmap -oX - 192.168.1.0/24 -F --host-timeout 5s does.

Anyone trodden this path already and can shed some light?

Thanks,
Kev

Can you please show your device_tracker configuration in the configuration.yaml?

I recently set up nmap device tracker myself. I don’t scan the entire subnet, because that is quite CPU intensive. I just scan the devices I want to track.

To do so I marked the mac addresses of the devices I want to track static in the DHCP pool of my router. This way those mac addresses always keep the same IP address.

My device_tracker: config contains only IP addresses of the devices I want to track:

device_tracker:
  - platform: nmap_tracker
    home_interval: 2
    hosts:
      - 192.168.100.164
      - 192.168.100.155
      - 192.168.100.113
      - 192.168.100.161

I didn’t do the setcap cap_net_raw,cap_net_admin,cap_net_bind_service+eip /usr/bin/nmap. It worked out of the box.

You could turn on debug logging in your configuration.yaml to see what is happening:

logger:
   default: debug

When it works, they appear automatically in your known_devices.yaml.

This is my config

- platform: nmap_tracker
  hosts:
    - 192.168.x.xxx-xxx
  interval_seconds: 45
  scan_options: " -PR -n --privileged -F --host-timeout 5s"

It is not clear to me if by adding scan_options you are replacing the default scan_options or adding to them.

With Debug logging I get:

2018-12-11 18:29:20 INFO (SyncWorker_12) [homeassistant.components.device_tracker.nmap_tracker] Scanning...,
2018-12-11 18:29:20 INFO (SyncWorker_12) [homeassistant.components.device_tracker.nmap_tracker] nmap scan successful,
2018-12-11 18:29:20 DEBUG (SyncWorker_12) [homeassistant.components.device_tracker.nmap_tracker] Nmap last results []

Which looks like an empty array to me.

When I comment out the scan_options then I get the following in the log file, which I interpret as the command is not running under sudo:

2018-12-11 18:39:41 INFO (SyncWorker_11) [homeassistant.components.device_tracker.nmap_tracker] No MAC address found for 192.168.1.xxx,
2018-12-11 18:39:41 INFO (SyncWorker_11) [homeassistant.components.device_tracker.nmap_tracker] No MAC address found for 192.168.1.xxx,
2018-12-11 18:39:41 INFO (SyncWorker_11) [homeassistant.components.device_tracker.nmap_tracker] nmap scan successful,
2018-12-11 18:39:41 DEBUG (SyncWorker_11) [homeassistant.components.device_tracker.nmap_tracker] Nmap last results []

SOLVED

OK so the reason is that running hass in Docker will put it on the 172.17.0.X network, and nmap is unable to obtain the MAC address from devices on my 192.168.1.X network.
The fix is to use --network="host".
I’d read somewhere that this was not optimal for Docker, but in this case it’s the only option.

2 Likes
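The behaviour described in the post above, as an added example that is not part of the original thread: nmap reports a MAC address only for hosts on a network segment directly attached to the scanner, and only when it can use raw sockets. The XML fragments and the interface addresses (172.17.0.2/16, 192.168.1.10/24) are constructed for illustration, and the function names are hypothetical.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed nmap -oX fragments (not captured output): the same host seen
# with and without a link-layer address in the report.
XML_WITH_MAC = """<nmaprun><host><status state="up"/>
<address addr="192.168.1.20" addrtype="ipv4"/>
<address addr="AA:BB:CC:DD:EE:FF" addrtype="mac"/></host></nmaprun>"""
XML_NO_MAC = """<nmaprun><host><status state="up"/>
<address addr="192.168.1.20" addrtype="ipv4"/></host></nmaprun>"""


def parse_hosts(xml_text):
    """Return [(ipv4, mac_or_None)] for every host nmap reported as up."""
    hosts = []
    for host in ET.fromstring(xml_text).iter("host"):
        status = host.find("status")
        if status is None or status.get("state") != "up":
            continue
        addrs = {a.get("addrtype"): a.get("addr") for a in host.iter("address")}
        if "ipv4" in addrs:
            hosts.append((addrs["ipv4"], addrs.get("mac")))
    return hosts


def on_link(target_ip, interfaces):
    """True if target_ip is inside a subnet directly attached to the scanner."""
    ip = ipaddress.ip_address(target_ip)
    return any(ip in ipaddress.ip_interface(i).network for i in interfaces)


def diagnose(xml_text, interfaces):
    """Explain, per host, why a MAC is or is not present in the scan."""
    report = {}
    for ip, mac in parse_hosts(xml_text):
        if mac:
            report[ip] = "ok: " + mac
        elif not on_link(ip, interfaces):
            report[ip] = "no MAC: host is routed, not on the scanner's L2 segment"
        else:
            report[ip] = "no MAC: on-link, check raw-socket privileges (root or CAP_NET_RAW)"
    return report


if __name__ == "__main__":
    print(diagnose(XML_NO_MAC, ["172.17.0.2/16"]))    # bridge-networked container
    print(diagnose(XML_NO_MAC, ["192.168.1.10/24"]))  # host network, unprivileged
    print(diagnose(XML_WITH_MAC, ["192.168.1.10/24"]))
```

Feed it the output of `nmap -oX -` and the scanner's own interface addresses to tell a routing cause apart from a privilege cause.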

Hi @kev - are you still using this solution?
Where would I add the string you provided --network= "host" - in the configuration.yaml under the nmap tracker platform as a scan-option?

the “--net=host” command is entered into the docker run command. it’s not used in the HA configuration.

It basically sets up your docker container to be able to access every port on your host system just like any other machine on your network as opposed to just exposing one port from the host to the container with the “-p 8123:8123” option.

1 Like

Thanks - now I just need to find out how to change the container setup in Docker on my Synology :wink:

So I’m assuming it doesn’t use the standard “docker run” command syntax?

Not really the ‘standard’, I think - trying to sort out the syntax, the one in the screenshot below doesn’t work:

try it without the "

--net=host

and you may have to remove the port settings. I know in the regular docker run you can’t have “--net” and “-p” at the same time since they are redundant.

Thanks for the hint - I need the port to be 8124 at the moment because I have an older HA version running in a separate container on port 8123.

you can still do that with net=host. you just need to point your browser to port 8124 instead of 8123. I use that exact thing for a second instance of HA running on the same machine at port 8124. just change the port in the config to 8124 instead of 8123.

I never got this working, I’m running Ubuntu 1804 with the docker image… in configuration.yaml I have…

Nmap tracker

device_tracker:
  - platform: nmap_tracker
    home_internal: 2
    hosts:
      - 10.135.50.14
      - 10.135.50.15

I also have the docker-compose.yml as so…

version: '3'
services:
  homeassistant:
    container_name: home-assistant
    image: homeassistant/home-assistant:latest
    volumes:
      - /home/dmcgowan/home-assistant:/config
      - /etc/localtime:/etc/localtime:ro
    devices:
      - /dev/ttyUSB0:/dev/ttyUSB0
      - /dev/ttyUSB1:/dev/ttyUSB1
    restart: always
    network_mode: host

It loads, no errors in the log, but nothing written to known devices…

I’m also running life360, but others seem to run multiple with no issues

Any ideas?

Did anyone ever figure this out?

I am running into the same issue in the latest core-2021.8.8, running Home Assistant OS 6.2 on an Odroid-N2+. I am sure that my firewall allows ICMP packets across the VLANs as I can use nmap to scan the target host from another system on the same vlan as HA and I can ping from HA other hosts on the target vlan.

Nmap does not work across vlans, however. Any way to solve this? The official documentation still claims that nmap works across vlans & subnets…