Nmap Announce mailing list archives
RE: Improving nmap performance
From: "Gang Xu" <gxu () wnmail att com>
Date: Fri, 30 Aug 2002 09:25:37 -0400
I have the same problem of waiting for a firewall scan to finish. When using connection scan "-sT", we find nmap tries each port 3 times and moves to the next port until it completes all ports. Then it repeats the same process again in the reverse order if -r is used. Therefore, 6 SYNs are sent to each port. I thought about modifying nmap code to avoid the second scan and customize the number of tries. Has anyone already done this? If so, can you share your code with me?

Thanks,
Gang Xu

-----Original Message-----
From: Lance Spitzner [mailto:lance () honeynet org]
Sent: Thursday, August 29, 2002 7:23 PM
To: nmap-hackers () insecure org
Subject: Improving nmap performance

Not sure if this is commonly known, however I wanted to share something I've learned with nmap. As part of my job, I often do a great deal of scanning of firewalls, or scanning through firewalls. This can be VERY TIME consuming, as you get no response for each probe. A full scan (all 65000+ ports) of a firewall used to average me 3200 seconds. While teaching a class we were able to DRAMATICALLY reduce this for TCP scans to average 840 seconds, using the following command line options:

    --max_rtt_timeout 50 --max-parallelism 100

By reducing rtt_timeout to 50, we DRAMATICALLY reduced the time for scanning. However, this is when the target is only 2 hops away; you may experience dropped packets if there are more hops. I can say this with a high degree of confidence, as we had 8 different systems probe all 65000+ TCP ports, all averaging around 840-850 seconds per scan. By changing the rtt_timeout to 10, we got the time down to 350+, but you are really pushing it. Increasing the number of parallel scans beyond 100 seemed to have no improvement.

Unfortunately, UDP still took MUCH LONGER, averaging 2000-3000 seconds per scan :-0

Just thought I would share this tidbit, for those of you who have waited for firewall scans :)

--
Lance Spitzner
http://www.honeynet.org

--------------------------------------------------
For help using this (nmap-hackers) mailing list, send a blank email to nmap-hackers-help () insecure org . List run by ezmlm-idx (www.ezmlm.org).