Re: FW: Zenmap from inside network

[David Fifield <david () bamsoftware com>]

On Wed, Apr 22, 2009 at 07:34:02AM -0400, Joe DeMicco wrote:
> I'm having difficultly getting Zenmap to change the source IP address. We're
> running Zenmap on a 32 bit windows vista platform. We want to change the
> source ip address to a public ip address so we can test firewall settings
> from within the network and make the traffic seem to be coming from outside
> the network. When we issue the -S option to change the source address and
> hit the scan button this error message is returned: "Could not figure out
> what device to send the packet out on with the source address you gave me!
> If you are trying to sp00f your scan, this is normal, just give the -e eth0
> or -e ppp0 or whatever.  Otherwise you can still use -e, but I find it
> kindof fishy.
> QUITTING!"

Use "nmap --iflist" to see the interface names that Nmap uses. The
option to use will probably be something like "-e eth0". If the
interface is not an Ethernet interface, spoofing the source address
won't work because of Windows limitations.

However, what you are trying to do is probably not going to work. If you
change the source address to an address outside the network, any replies
to the probes you send are going to go to that outside address--not back
to the scanning machine. This will make all hosts appear down or all
ports filtered, depending on the scan you're doing. That's why it's
"kindof fishy."

David Fifield

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org