Nmap Development mailing list archives

-e bug


From: Yonatan Bokovza <Yonatan () xpert com>
Date: Thu, 29 Nov 2001 16:51:46 +0200

Hi,
I get weird behavior when using the -e option:
I'm running nmap from a two-interfaced FreeBSD
server (FreeBSD Qwerty 4.4-STABLE FreeBSD
4.4-STABLE #4: Thu Nov 29 12:57:52 IST 2001
root@Qwerty:/usr/obj/usr/src/sys/QWERTY i386), with
nmap 2.45b30 installed from the ports.
The fxp0 interface is set to 192.168.0.1 and I'm
scanning 192.168.0.2.
If I scan with no "-e" flag (dump here:
http://j.xpert.com/dump-no-e , the command line
was: nmap -p 10-20 192.168.0.2), everything is
all right (no ports reported open in this example).
However, if I scan with -e (command line:
nmap -p 10-20 -e fxp0 192.168.0.2
dump: http://j.xpert.com/dump-with-e ), it seems
that the packet's source is spoofed to 6.4.6.0.
The target's answers, of course, are discarded or
ignored, and nmap reports that the machine isn't
up.
Since this bug is reproducible, I'll be glad to
test patches or supply more information.

Best Regards, 

Yonatan
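The check behind this report, as an added example that is not part of the post: parse the IPv4 header of each probe in a capture and flag any probe to the target whose source address is not the scanning interface's address (192.168.0.1 on fxp0). The packets below are constructed in-line, not the linked dumps; one carries the correct source and one the bogus 6.4.6.0 source the post describes.

```python
import struct
import ipaddress
from typing import List, Tuple


def parse_ipv4_header(pkt: bytes) -> Tuple[str, str, int]:
    """Return (src, dst, protocol) from a raw IPv4 packet, validating the header."""
    if len(pkt) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl = pkt[0]
    if ver_ihl >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (ver_ihl & 0x0F) * 4          # header length in bytes (20..60)
    if ihl < 20 or len(pkt) < ihl:
        raise ValueError("bad IHL field")
    proto = pkt[9]
    src = str(ipaddress.IPv4Address(pkt[12:16]))
    dst = str(ipaddress.IPv4Address(pkt[16:20]))
    return src, dst, proto


def find_wrong_source(packets: List[bytes], iface_addr: str,
                      target: str) -> List[Tuple[int, str]]:
    """List (index, src) of probes sent to target whose source is not iface_addr."""
    bad = []
    for i, pkt in enumerate(packets):
        src, dst, _ = parse_ipv4_header(pkt)
        if dst == target and src != iface_addr:
            bad.append((i, src))
    return bad


def make_probe(src: str, dst: str) -> bytes:
    """Constructed minimal 20-byte IPv4 header for a TCP segment (checksum left 0)."""
    return struct.pack("!BBHHHBBH4s4s",
                       0x45, 0, 40, 0x1234, 0x4000, 64, 6, 0,
                       ipaddress.IPv4Address(src).packed,
                       ipaddress.IPv4Address(dst).packed)


# Constructed sample capture: a normal probe, then one with the bogus source.
SAMPLE_CAPTURE = [
    make_probe("192.168.0.1", "192.168.0.2"),
    make_probe("6.4.6.0", "192.168.0.2"),
]

if __name__ == "__main__":
    for idx, src in find_wrong_source(SAMPLE_CAPTURE, "192.168.0.1", "192.168.0.2"):
        print(f"packet {idx}: source {src} does not match fxp0 address")
```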

---------------------------------------------------------------------
For help using this (nmap-dev) mailing list, send a blank email to 
nmap-dev-help () insecure org . List run by ezmlm-idx (www.ezmlm.org).
