Re: nmap udp scan takes too long

[anonymous <nighthawk2600 () gmail com>]

On 06/29/2012 05:32 AM, pentester wrote:
> Reason is that nmap waits for a response, retries, waits etc. Once it decides the port is not responding it 
> continues. There is a little smartness, because nmap tries different ports simultaneously.
> Another scanner solves this issue. unicornscan typically scans al 64k ports in 3 minutes and 45 seconds when you use 
> a scan rate of 300 packets per seconds
>
> To my knowledge, unicornscan is today still the best way to do a udp scan. Possible issue is that it is available in 
> Linux only. I have not seen working versions on Windows or Mac (although I expect in theory it should be possible to 
> get it working on Mac).
>
> Cor
>
> On Jun 29, 2012, at 9:13 AM, a bv wrote:
>
> > Hi,
> >
> > Using mosly zenmap , udp scan takes so long mostly . I try to scan all
> > ports 1-65535 but also i do that at tcp scan too at the same port
> > range but tcp scan takes too little time according to udp. I start to
> > udp scan a few local hosts
> >
> > and after a day when i turn to the screen i see that it gives %40.3
> > etc and not completed yet (not sure if it still continues to scan).
> > What can be the reason and what is the best /efficient way to do a udp
> > scan?
> >
> >
> > Regards
> >
> > ------------------------------------------------------------------------
> > Securing Apache Web Server with thawte Digital Certificate
> > In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, 
> > how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, 
> > purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for 
> > set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital 
> > certificates.
> >
> > http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
> > ------------------------------------------------------------------------
>
>
> ------------------------------------------------------------------------
> Securing Apache Web Server with thawte Digital Certificate
> In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, 
> how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, 
> purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for 
> set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital 
> certificates.
>
> http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
> ------------------------------------------------------------------------

Well yes ofcourse Nmap UDP scans are going to take some time to scan
this is a well known fact. Open and filtered ports rarely send any kind
of response which leaves nmap to time-out and the retry transmissions
just in case the the probe or scan was lost. Linux in general usually is
very strict about sending out ICMP port unreachable messages and usually
limits this to 1 ICMP port unreachable message per second which is
another big reason why UDP scans take a very long.

Also remember that scans like UDP or full scans where you are scanning
all 65,000+ ports instead of the default popular 1,000 ports which nmap
scans by default should be ran in the background and you can come back
to scans later and view or compare your results.

There are however a few things you can do to speed up UDP scans with Nmap.

1. Try scanning popular UDP ports first. By using the (-F) option i
believe nmap will scan the most popular 100 UDP ports and this tends to
finish very quickly. You can do this first then go back to doing a full
UDP scan in the background if you need results quickly.

2. Try setting --version-intensity 0
This tells nmap to only try probes that are probably going to be the
most effective against the target network.

3. Try using --host-timeout to skip slow responding hosts.


There are other things you can do to improve the overall performance of
nmap but these are just some quick suggestions to get you started.


Again nmap is probably the greatest tool out there, and there are so
many things that you can do with it. Most people only use probably 10%
of nmap's potential. I would suggest getting the nmap book by fyodor, it
is sometimes a difficult read but it is a great book for sure.

-nighthawk

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------