Perhaps it binds another IP to the card if you use those 2 options. In linux
(dunno about windows) it's very easy to have 1 ethernetcard listen to more
than 1 ip address. If you use that option try to see if the box responds to
the IP you gave by pinging it.
(BTW it says YOUR IP so you're NOT supposed to supply anything else)
from nmap --help:
* -S <your_IP>/-e <devicename> Specify source address or network inter
face
Since you need root access for that it might very well be possible it binds
that IP to the interface you supplied
Regards
On Monday 17 September 2001 18:15, you wrote:
> > when you include spoofed addresses you should include a real ip address
> > that you want a reply to come back to. man nmap for more information
> > about using the decoy option.
>
> Hmm. That's clear, but why does the "-S"-option work? When I use this
> option together with the "-e" I get back the results from the scanned
> machine. Is my real address included in the tcp- or ip-headers? I tried
> these options and sniffed while scanning my local network and could not
> find any of my real addresses which where scanning. Just the ones I used
> with the "-S"-option. That's what I don't understand.
> But thanks anyway, because I didn't know the decoy-option :-)
>
> Chris
