Nmap Announce mailing list archives
Re: Scanning speeds - unexplained behaviour
From: Darren Reed <avalon () coombs anu edu au>
Date: Thu, 22 Jul 1999 16:21:01 +1000 (EST)
In some mail from Thomas Reinke, sie said: [...]
> Specifically, if you scan ports 1-65535, the time taken is MUCH longer than if you were to scan the same range of ports, but in 10,000 port chunks (say 7 consecutive runs of 10,000 ports). This in turn takes 3 times longer than if you were to do 65 consecutive runs of 1000 port increments. Anyone have any idea why breaking down a scan into small chunks works so much faster?
Without looking at the code, if the inner loop has a complexity that is non-linear, then this should be expected. You may also be generally suffering from performance problems involved with lengthy lists, time to search them, etc. Most probably implementation problems, as well as OS issues. You should also expect a greater number of bad answers as, if all 65000 responded, I doubt the OS would be able to buffer that many packets for the time required to service them from start to end.
> Typically, if we start with a "seed" scan of the ports 1-50, it might take 50 seconds or so. Thereafter, if we scan 1000 ports at a time, each 1000 ports might take only 7-8 seconds!
Have you considered that perhaps the first also has to wait for things like ARP entries to be added, etc.?

Darren
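A toy model of the "non-linear inner loop" hypothesis in the reply above, added here as an illustration; it is not code from nmap or from either poster. It assumes a scanner that sweeps its whole outstanding-probe table once per incoming packet and that every probed port answers (the "all 65000 responded" case); the chunk sizes are the ones from the thread, and the port lists are constructed.

```python
"""Model: cost of matching replies against an outstanding-probe table.

Assumption (not from the thread): each incoming packet triggers a sweep
over every probe still outstanding (e.g. matching plus timeout checks)
before its own entry is removed. That makes one scan of n ports cost
n + (n-1) + ... + 1 comparisons, i.e. quadratic in n, so splitting the
same range into chunks of size c cuts the total to roughly n * c / 2.
"""


def simulate_sweep_cost(ports):
    """Brute-force count of comparisons for one run over `ports`."""
    outstanding = list(ports)          # every probe sent, no reply matched yet
    comparisons = 0
    for port in ports:                 # one reply arrives per probe
        comparisons += len(outstanding)  # full-table sweep per packet
        outstanding.remove(port)       # the matched probe leaves the table
    return comparisons


def full_scan_cost(n):
    """Closed form of simulate_sweep_cost(range(1, n + 1))."""
    return n * (n + 1) // 2


def chunked_scan_cost(n, chunk):
    """Same n ports, scanned as consecutive runs of `chunk` ports each."""
    total = 0
    for start in range(1, n + 1, chunk):
        size = min(chunk, n - start + 1)   # last chunk may be short
        total += full_scan_cost(size)
    return total


def compare_strategies(n=65535, chunks=(10000, 1000)):
    """Comparison counts for one full run versus the chunked runs."""
    result = {"full": full_scan_cost(n)}
    for c in chunks:
        result[f"chunk_{c}"] = chunked_scan_cost(n, c)
    return result


if __name__ == "__main__":
    # Constructed check: the closed form agrees with the brute-force model.
    assert simulate_sweep_cost(range(1, 51)) == full_scan_cost(50)
    for name, cost in compare_strategies().items():
        print(f"{name:>11}: {cost:>13,d} comparisons")
```

The model only reproduces the direction of the effect (smaller chunks, fewer comparisons), not the exact 3x ratio reported in the thread, which also depends on the OS buffering and ARP effects mentioned above.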