Nmap Development mailing list archives
-PI generating echo requests from 0.0.0.0
From: "Alex Ferguson" <df_alex () hotmail com>
Date: Fri, 30 Aug 2002 13:10:27 -0400
Running nmapwin 1.3.0, and the windows command line nmap version 3.00, on my windows xp pro and home systems, I noticed the following:
For all scan types except sT and sP, when using a ping type including icmp (-PI or the default icmp + tcp ack), the icmp echo requests are generated with a source ip address of 0.0.0.0 instead of the machine's real ip.
Obviously the target host doesn't respond to these pings and this causes some hosts to falsely appear down.
I tried upgrading from winpcap 2.3 to 3.0 alpha, with no differences. An example of a command that generates the behavior is: nmap -sS -PI 192.168.1.100 or even nmap -sS 192.168.1.100Of course the latter sometimes detects that the target is up through the tcp ack ping. The nmap on my openbsd system behaves correctly. (No 0.0.0.0 stuff) I hope I made sense here, and thank you for your time. I'd appreciate knowing what dumb thing I'm doing wrong, if that's the case :)
--Alex _________________________________________________________________ Send and receive Hotmail on your mobile device: http://mobile.msn.com ---------------------------------------------------------------------For help using this (nmap-dev) mailing list, send a blank email to nmap-dev-help () insecure org . List run by ezmlm-idx (www.ezmlm.org).
Current thread:
- -PI generating echo requests from 0.0.0.0 Alex Ferguson (Aug 30)