Nmap Development mailing list archives

Nmap 6.47 Spoofing Source IP Address


From: The Lost Packet <thelost.packet () yahoo com>
Date: Thu, 5 Mar 2015 22:14:32 +0000 (UTC)

All,

I'm not sure if someone has already asked this question. I'm using Nmap 6.47 on a Kali VM to scan 1.80 while using a spoofed source 1.123:

    nmap -sS -p80-443 -Pn -e eth0 -S 192.168.1.123 192.168.1.80

    Starting Nmap 6.47 ( http://nmap.org ) at 2015-03-05 16:50 EST
    NSOCK ERROR [0.4730s] mksock_bind_addr(): Bind to 192.168.2.123:0 failed (IOD #1): Cannot assign requested address (99)

My first question: Why is Nmap trying to bind to the spoofed source address?

My second question: Even though Nmap throws the above NSOCK error, it still proceeds to scan 1.80 and spoofs the source correctly. 1.80, thinking it is being scanned by 1.123, responds to 1.123 (as it should). Next, Nmap, running on my scanner VM, shows the open ports on 1.80. Now, if the response packets are being sent to 1.123, how does Nmap, running on my scanner machine, find out which ports are open on 1.80 (the response packets are not sent to the scanner!)? Is Nmap sniffing the traffic and looking for response packets sent by 1.80 to 1.123?

Thank you,
Lost



_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
