Nmap Development mailing list archives
Re: nmap on a scan server
From: MadHat <madhat () unspecific com>
Date: 26 Aug 2003 18:15:30 -0500
On Tue, 2003-08-26 at 09:42, Juergen Schmidt wrote:
Hello, we are thinking about setting up a public self scan service. Of cause we want to do the scans with nmap. We are planning to start the scans via ssh on a dedicated machine to seperate this from the web server.
I am not going to mention the security concerns.
As we are expecting a huge load (especially in the peaks) we need to make this as fast as possible. We are talking about hundreds if not thousands of parallel scan requests. Does anybody has experience with this kind of load?
some what. I find that on a single P4 2.26GHz machine with 1G RAM, I can run about 32 processes in parallel and still be able to use the box.
Any kind of information is appreciated, especially: Is it possible, to run many nmap instances in parallel?
Yes. Though I can not guarantee you won't have any issues, I have not experienced any.
Are there known limits?
CPU, memory, bandwidth...
Anybody with experience on running 100 nmap instances on one machine?
As I mentioned above I limit mine to about 32 processes at a time. I have a script that launches 1 nmap process after another keeping a constant 32 running at any point in time. I do this so I scan around 80K IPs in just under 10 hours, with OS detection. Without OS detection it is faster.
Do I have to expect weird results because of incoming packets not delivered to the right nmap instance?
Like I said, not that I have noticed, but if there was 1 or 2 errors, I wouldn't catch it.
What are good timing options for a TCP Syn scan on port 1-1024, that should be reliable *and* fast?
I use -sS -F -PE -O -TAggressive for my scans, but it depends on the results you are expecting. Also note that using -sS which is faster, has to run as root, so nmap would have to be SetUID, or ssh as root, or have sudo setup to allow nmap to be run as root without a password, or something similar. Same issue for -O and -PE
Is it making sense to start nmap directly via ssh or is it better, to have a perl script as a wrapper on the scan machine?
Well, that comes into how you want to get the data back to the web server. If you have "hundreds" running at once, then you have the box with hundreds of SSH connections, as well as hundreds of nmap processes. Bandwidth could be an issue, load would be an issue, etc... You may want to look at http://www.insecure.org/nmap/nmap_relatedprojects.html Specifically: Remote nmap (Rnmap) or Spidermap I have not used them personally, but they might give you some ideas to work with. -- MadHat at Unspecific.com `But I don't want to go among mad people,' Alice remarked. `Oh, you can't help that,' said the Cat: `we're all mad here...' -- Lewis Carroll - _Alice's_Adventures_in_Wonderland_ --------------------------------------------------------------------- For help using this (nmap-dev) mailing list, send a blank email to nmap-dev-help () insecure org . List run by ezmlm-idx (www.ezmlm.org).
Current thread:
- nmap on a scan server Juergen Schmidt (Aug 26)
- Re: nmap on a scan server MadHat (Aug 26)