-PI generating echo requests from 0.0.0.0

["Alex Ferguson" <df_alex () hotmail com>]

Running nmapwin 1.3.0, and the windows command line nmap version 3.00, on my 
windows xp pro and home systems, I noticed the following:

For all scan types except sT and sP, when using a ping type including icmp 
(-PI or the default icmp + tcp ack), the icmp echo requests are generated 
with a source ip address of 0.0.0.0 instead of the machine's real ip.

Obviously the target host doesn't respond to these pings and this causes 
some hosts to falsely appear down.
I tried upgrading from winpcap 2.3 to 3.0 alpha, with no differences.
An example of a command that generates the behavior is:

nmap -sS -PI 192.168.1.100

or even

nmap -sS 192.168.1.100

Of course the latter sometimes detects that the target is up through the tcp 
ack ping.  The nmap on my openbsd system behaves correctly.  (No 0.0.0.0 
stuff)
I hope I made sense here, and thank you for your time.  I'd appreciate 
knowing what dumb thing I'm doing wrong, if that's the case :)

--Alex

_________________________________________________________________
Send and receive Hotmail on your mobile device: http://mobile.msn.com


---------------------------------------------------------------------
For help using this (nmap-dev) mailing list, send a blank email to 
nmap-dev-help () insecure org . List run by ezmlm-idx (www.ezmlm.org).