Nmap Win32 improperly sets Source IP = 0.0.0.0 when pinging

[Clint Hastings <hastings () nosc mil>]

Hi there,

On Win2K with WinPcap v3.0 Beta installed, the command-line versions of
Nmap for Win32 (both v3.0 and 3.10 Alpha 7) have buggy behavor when
sending the ICMP Echo Request to see if a system is online before
scanning.  For some reason Nmap sets the Source IP for the outgoing ICMP
packet to 0.0.0.0, you can see this behavior with any sniffer (WinDump
in my case).  However, the follow up TCP Ack packet that Nmap sends to
port 80 (in addition to the ICMP Echo Request) DOES have the correct
Source IP address.

This behavior is even easier to see if you use the -sP option.

Is this a known bug??

Thanks,
Clint D. Hastings

---------------------------------------------------------------------
For help using this (nmap-dev) mailing list, send a blank email to 
nmap-dev-help () insecure org . List run by ezmlm-idx (www.ezmlm.org).