Xmas, FIN and NULL-scan

["Gisle Vanem" <giva () bgnett no>]

I cannot seem these scans to work on Win-XP using nmap-3.30V+2.99.
I have tcpdump running in another console-window, but nothing gets sent.

E.g.
> nmap.exe -P0 -sN -d2 --win_trace -p10-400 router
***WinIP***  initializing if tables
***WinIP***  if tables complete :)
***WinIP***  trying to initialize winpcap 2.1
***WinIP***  winpcap is present
***WinIP***  testing for raw sockets
***WinIP***  rawsock is available
***WinIP***  reading winpcap interface list
pcap device:  \Device\NPF_{93380695-0E31-456C-9EB0-8802E111C09D}
 result:       physaddr (0x0001800c70b2) matches eth0
***WinIP***  o.isr00t = 1

Starting nmap 3.30+V ( www.insecure.org/nmap ) at 2003-09-05 00:06 cet
The max # of sockets we are using is: 0
10.0.0.1 will use interface 10.0.0.6
Host router (10.0.0.1) appears to be up ... good.
Starting super_scan
Opening a real raw socket
Trying to open eth0 for recieve with winpcap.
Packet capture filter: (icmp and dst host 10.0.0.6) or (tcp and src host 10.0.0.1 and dst ho
0.6 and ( dst port 61817 or dst port 61818))
Initiating NULL Scan against router (10.0.0.1) at 00:06
Sending initial query to port 197

So since I'm "root" it should allow this, no? 

Seems to be trouble with SOCK_RAW under Windows, but the code 
is impossible to follow. I tried recompiling with 'rawsock_avail = 0'
but that only gave some ARP request/replies. Any ideas?

--gv




---------------------------------------------------------------------
For help using this (nmap-dev) mailing list, send a blank email to 
nmap-dev-help () insecure org . List run by ezmlm-idx (www.ezmlm.org).