From 7c5cbcbe7c928d17c4599094d4871464459c8c6f Mon Sep 17 00:00:00 2001
From: Keith Solomon <keith@vincentdesign.ca>
Date: Sun, 8 Mar 2026 19:39:11 -0500
Subject: [PATCH] =?UTF-8?q?=F0=9F=90=9E=20fix:=20Port=20scanning=20fixes?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 README.md          | 3 +++
 app/config.py      | 1 +
 app/scanner.py     | 7 +++++--
 docker-compose.yml | 2 ++
 4 files changed, 11 insertions(+), 2 deletions(-)

diff --git a/README.md b/README.md
index fedfbea..89e234d 100644
--- a/README.md
+++ b/README.md
@@ -43,6 +43,7 @@ Environment variables:
 - `NETTRAK_DB_PATH` (default: `/data/nettrak.db`)
 - `NETTRAK_SUBNET` (default: `192.168.2.0/24`)
 - `NETTRAK_TOP_PORTS` (default: `100`)
+- `NETTRAK_PORT_SPEC` (optional, nmap `-p` syntax, ex: `1-10000` or `22,80,443,8989`)
 - `NETTRAK_SCAN_WORKERS` (default: `12`)
 - `NETTRAK_PORT_PROBE_TIMEOUT` (default: `0.4`)
 - `NETTRAK_ENABLE_OS_DETECTION` (default: `0`)
@@ -78,6 +79,8 @@ volumes:
 
 If your Docker bindings are `0.0.0.0`, set `NETTRAK_DOCKER_HOST_IP` to the host LAN IP so mappings can be attributed correctly.
 
+Note: Docker socket integration only has direct knowledge of the local Docker daemon (the host running NetTrak). Remote hosts are detected by network scanning only, so ensure your scan profile includes the needed ports (for example `NETTRAK_PORT_SPEC=1-10000` for `8989`).
+
 ## API Endpoints
 
 - `GET /api/health`
diff --git a/app/config.py b/app/config.py
index 4770df5..aeb728a 100644
--- a/app/config.py
+++ b/app/config.py
@@ -4,6 +4,7 @@ DB_PATH = os.getenv("NETTRAK_DB_PATH", "/data/nettrak.db")
 DEFAULT_SUBNET = os.getenv("NETTRAK_SUBNET", "192.168.2.0/24")
 SCAN_TIMEOUT_SECONDS = int(os.getenv("NETTRAK_SCAN_TIMEOUT", "1800"))
 SCAN_TOP_PORTS = int(os.getenv("NETTRAK_TOP_PORTS", "100"))
+SCAN_PORT_SPEC = os.getenv("NETTRAK_PORT_SPEC", "").strip()
 SCAN_WORKERS = int(os.getenv("NETTRAK_SCAN_WORKERS", "12"))
 PORT_PROBE_TIMEOUT_SECONDS = float(os.getenv("NETTRAK_PORT_PROBE_TIMEOUT", "0.4"))
 ENABLE_OS_DETECTION = os.getenv("NETTRAK_ENABLE_OS_DETECTION", "0").lower() in {"1", "true", "yes", "on"}
diff --git a/app/scanner.py b/app/scanner.py
index ae77707..8275cd6 100644
--- a/app/scanner.py
+++ b/app/scanner.py
@@ -14,6 +14,7 @@ from .config import (
     ENABLE_DOCKER_INSIGHTS,
     ENABLE_OS_DETECTION,
     PORT_PROBE_TIMEOUT_SECONDS,
+    SCAN_PORT_SPEC,
     SCAN_TOP_PORTS,
 )
 
@@ -270,8 +271,6 @@ def scan_host(ip: str, seed_host: dict[str, Any] | None = None) -> HostResult:
         "--open",
         "-sV",
         "--version-light",
-        "--top-ports",
-        str(max(SCAN_TOP_PORTS, 1)),
         "-T4",
         "--max-retries",
         "1",
@@ -279,6 +278,10 @@ def scan_host(ip: str, seed_host: dict[str, Any] | None = None) -> HostResult:
         "45s",
         ip,
     ]
+    if SCAN_PORT_SPEC:
+        base_args[5:5] = ["-p", SCAN_PORT_SPEC]
+    else:
+        base_args[5:5] = ["--top-ports", str(max(SCAN_TOP_PORTS, 1))]
 
     result: HostResult | None = None
     if ENABLE_OS_DETECTION:
diff --git a/docker-compose.yml b/docker-compose.yml
index c8227e2..2a4f589 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -8,6 +8,8 @@ services:
       - NETTRAK_DB_PATH=/data/nettrak.db
       - NETTRAK_SUBNET=192.168.2.0/24
       - NETTRAK_TOP_PORTS=100
+      # Optional explicit port set/range. Example catches 8989 and many app ports:
+      # - NETTRAK_PORT_SPEC=1-10000
       - NETTRAK_SCAN_WORKERS=12
       - NETTRAK_PORT_PROBE_TIMEOUT=0.4
       - NETTRAK_ENABLE_OS_DETECTION=0