Understanding "-S" option on configurations whith several IP addresses.

[Korostelev Andrew <preacherandrew () mail ru>]

Hi.

I have question about "-S" option. Namely in cases of several IP-addresses
on one NIC.

Here is my case.

Two host whith Windows 2000:
host A have one NIC with two IP addresses - 192.168.160.12 
and 192.168.2.3;
host B one NIC whit one IP address - 192.168.160.1.

How can I use nmap on first host for testing second host?

If I run "nmap -S 192.168.160.12 -e eth0 192.168.160.1" I get
lot of messages "WARNING: Unable to find appropriate interface for system route..." and last message: 
"NmapArpCache() can only take IPv4 addresses. Sorry.
QUITTING!" 

If I delete second IP address on host A, then all OK - and whith option
("nmap -S 192.168.160.12 -e eth0 192.168.160.1") and whithout option
("nmap 192.168.160.1).


P.S:
After some debugging I see that nmap get strange results on configurations
whith several IP. Nmap use only one from IP address (first from returned GetIpAddrTable)
 and all tests carry out on that address.
For example, host have two IP - 192.168.160.12/24 and 192.168.2.3/24,
and default gateway - 192.168.160.254.
Nmap calls GetIpAddrTable.  GetIpAddrTable returns 192.168.2.3 as first IP address,
and 192.168.160.12 as second address. Nmap take address 192.168.2.3 and try verify
default gateway using that address.  When nmap comparing 192.168.2.3/24 and 192.168.160.254 nmap prints out:
"WARNING: Unable to find appropriate interface for system route to 192.168.160.254"
I guess in this case nmap must using other IP address of the host - 192.168.160.12.


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org