Nmap Development mailing list archives
Nmap 6.47 Spoofing Source IP Address
From: The Lost Packet <thelost.packet () yahoo com>
Date: Thu, 5 Mar 2015 22:14:32 +0000 (UTC)
All, I'm not sure if someone has already asked this question. I'm using Nmap 6.47 on a Kali VM to scan 1.80 while using a spoofed source 1.123: nmap -sS -p80-443 -Pn -e eth0 -S 192.168.1.123 192.168.1.80 Starting Nmap 6.47 ( http://nmap.org ) at 2015-03-05 16:50 ESTNSOCK ERROR [0.4730s] mksock_bind_addr(): Bind to 192.168.2.123:0 failed (IOD #1): Cannot assign requested address (99) My first question: Why is Nmap trying to bind to the spoofed source address?My second question: Even though Nmap throws the above NSOCK error, it still proceeds to scan 1.80 and spoofs the source correctly. 1.80, thinking it is being scan by 1.123 responds to 1.123 (as it should). Next, Nmap, running on my scanner VM, shows the open ports on 1.80. Now, if the response packets are being sent to 1.123, how does Nmap, running on my scanner machine, finds out which ports are open on 1.80 (the response packets are not sent to the scanner!)? Is Nmap sniffing the traffic and looking for response packets sent by 1.80 to 1.123? Thank you,Lost
_______________________________________________ Sent through the dev mailing list https://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
Current thread:
- Nmap 6.47 Spoofing Source IP Address The Lost Packet (Mar 05)