Nmap Development: -PI generating echo requests from 0.0.0.0

From: Alex Ferguson <df_alex_at_hotmail.com>
Date: Fri, 30 Aug 2002 13:10:27 -0400

Running nmapwin 1.3.0, and the Windows command line nmap version 3.00, on my
Windows XP Pro and Home systems, I noticed the following:

For all scan types except sT and sP, when using a ping type including ICMP
(-PI or the default ICMP + TCP ACK), the ICMP echo requests are generated
with a source IP address of 0.0.0.0 instead of the machine's real IP.

Obviously the target host doesn't respond to these pings and this causes
some hosts to falsely appear down.
I tried upgrading from WinPcap 2.3 to 3.0 alpha, with no differences.
An example of a command that generates the behavior is:

nmap -sS -PI 192.168.1.100

or even

nmap -sS 192.168.1.100

Of course the latter sometimes detects that the target is up through the TCP
ACK ping. The nmap on my OpenBSD system behaves correctly. (No 0.0.0.0
stuff)
I hope I made sense here, and thank you for your time. I'd appreciate
knowing what dumb thing I'm doing wrong, if that's the case :)

--Alex

Received on Aug 30 2002
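
A check for the symptom reported above, as an added example that is not part of the original post or of Nmap: it parses raw IPv4 bytes taken from a capture and flags ICMP echo requests whose source address is 0.0.0.0. The sample packets are constructed, and the source 192.168.1.50 is an assumed address, not one from the post.

```python
import ipaddress
import struct

ICMP_PROTO = 1      # IPv4 protocol number for ICMP
ECHO_REQUEST = 8    # ICMP type for echo request

def inet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum over 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_echo_request(src: str, dst: str, ident: int = 0x1234, seq: int = 1) -> bytes:
    """Construct sample IPv4 + ICMP echo request bytes (test data only, never sent)."""
    icmp = struct.pack("!BBHHH", ECHO_REQUEST, 0, 0, ident, seq)
    icmp = icmp[:2] + struct.pack("!H", inet_checksum(icmp)) + icmp[4:]
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(icmp), 0, 0, 64,
                      ICMP_PROTO, 0,
                      ipaddress.IPv4Address(src).packed,
                      ipaddress.IPv4Address(dst).packed)
    hdr = hdr[:10] + struct.pack("!H", inet_checksum(hdr)) + hdr[12:]
    return hdr + icmp

def check_echo_source(packet: bytes):
    """Return (src, dst, verdict) for an ICMP echo request, or None for anything else."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None                      # too short or not IPv4
    ihl = (packet[0] & 0x0F) * 4         # header length in bytes (options allowed)
    if ihl < 20 or len(packet) < ihl + 8 or packet[9] != ICMP_PROTO:
        return None
    if packet[ihl] != ECHO_REQUEST:
        return None
    src = ipaddress.IPv4Address(packet[12:16])
    dst = ipaddress.IPv4Address(packet[16:20])
    verdict = "unspecified-source" if src.is_unspecified else "ok"
    return str(src), str(dst), verdict

if __name__ == "__main__":
    # Constructed packets: one matching the report, one with an assumed real source.
    for src in ("0.0.0.0", "192.168.1.50"):
        print(check_echo_source(build_echo_request(src, "192.168.1.100")))
```

Fed the IP-layer bytes of each frame from a capture taken on the scanning host, this separates the broken probes from correctly addressed ones without relying on whether the target answers.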
