Re: 'nmap -S <src_addr>' does not use 'iproute2' alternate routing table

[David Fifield <david () bamsoftware com>]

On Mon, Sep 10, 2012 at 04:34:48PM -0400, starlight.2012q3 () binnacle cx wrote:
> At 01:10 PM 9/10/2012 -0700, David Fifield wrote:
> > On Mon, Sep 10, 2012 at 01:08:30PM -0700, David Fifield wrote:
> >
> > Please also show us "nmap -e eth4 -S 172.29.87.84 --route-dst <target>".
>
> That typo again.  Here it is correctly (same outcome):
>
> # nmap -e eth4 -S 172.29.86.84 --route-dst nvd.nist.gov
> 129.6.13.97
> eth4 eth4 srcaddr 172.29.79.1 nexthop 172.29.79.2
> WARNING: If -S is being used to fake your source address, you may also have to use -e <interface> and -Pn .  If you 
> are using it to specify your real source address, you can ignore this warning.
>
> Starting Nmap 6.02 ( http://nmap.org ) at 2012-09-10 16:32 EDT
> WARNING: No targets were specified, so 0 hosts scanned.
> Nmap done: 0 IP addresses (0 hosts up) scanned in 0.15 seconds

:( I'm sorry, I'm still way confused. I have seen three different
possible source addresses, differing in the third and fourth bytes, and
I don't know which is the one you are actually having trouble with.

172.29.86.4
172.29.86.84
172.29.87.84

I think it's not a trivial matter because I honestly don't know which
one you are intending to use, and because of the "ip rule show" rule you
gave, which references only the first address.

> 32764:  from 172.29.86.4 lookup eth4

So is the above source address of 172.29.86.84 supposed to mean
something, or did you intend to use 172.29.86.4?

David
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/