> when you include spoofed addresses you should include a real ip address that
> you want a reply to come back to. man nmap for more information about using
> the decoy option.
Hmm. That's clear, but why does the "-S"-option work? When I use this option
together with the "-e" I get back the results from the scanned machine. Is my
real address included in the tcp- or ip-headers? I tried these options and
sniffed while scanning my local network and could not find any of my real
addresses which where scanning. Just the ones I used with the "-S"-option.
That's what I don't understand.
But thanks anyway, because I didn't know the decoy-option :-)
Chris
