Nmap Development mailing list archives

nmap scan too slow and -n option

From: micro dev <microdev1 () yahoo com>
Date: Mon, 13 Sep 2004 18:42:09 -0700 (PDT)

Hi,
NMAP scans for few subnets were taking lot of time to come back. 
Earlier, one class C subnet used to take 6 minutes on an average.
But when I started scanning subnets in one location, scans took more than 15 minutes.
I noticed that NMAP is not able to resolve hostname of IP addresses in the range.
So I attributed the problem to DNS resolution rather than anything else in the network.
So I tried scan with -n option and ran NMAP for few IP addresses. But to my surprise, scan with -n option is taking 
more than without it.
What can be the reason behind this ?
Also what can make scan go slower apart from DNS resolution ?
I also see this warning for most of the IP addresses in the subnet.
"Warning:  OS detection will be MUCH less reliable because we did not find at least 1 open and 1 closed TCP port"

 
Here's output from NMAP scans- first without -n option and second with -n option.
 
# nmap 3.30 scan initiated Tue Sep 13 01:41:20 2004 as: nmap -sS -O -oN nmap56a.txt 192.168.80.156
Warning:  OS detection will be MUCH less reliable because we did not find at least 1 open and 1 closed TCP port
Insufficient responses for TCP sequencing (1), OS detection may be less accurate
Interesting ports on 192.168.80.156:
(The 1637 ports scanned but not shown below are in state: filtered)
Port       State       Service
7/tcp      open        echo
9/tcp      open        discard
13/tcp     open        daytime
19/tcp     open        chargen
23/tcp     open        telnet
79/tcp     open        finger
80/tcp     open        http
Device type: router|switch
Running: Cisco IOS 11.X
OS details: Cisco switch/router with IOS 11.1(7)-11.2(8.10)
# Nmap run completed at Tue Sep 13 01:43:37 2004 -- 1 IP address (1 host up) scanned in 137.047 seconds
 
# nmap 3.30 scan initiated Tue Sep 13 01:45:15 2004 as: nmap -sS -O -n -oN nmap56b.txt 192.168.80.156

Warning:  OS detection will be MUCH less reliable because we did not find at least 1 open and 1 closed TCP port
Insufficient responses for TCP sequencing (1), OS detection may be less accurate
Interesting ports on 192.168.80.156:
(The 1637 ports scanned but not shown below are in state: filtered)
Port       State       Service
7/tcp      open        echo
9/tcp      open        discard
13/tcp     open        daytime
19/tcp     open        chargen
23/tcp     open        telnet
79/tcp     open        finger
80/tcp     open        http
Device type: router|switch
Running: Cisco IOS 11.X
OS details: Cisco switch/router with IOS 11.1(7)-11.2(8.10)
# Nmap run completed at Tue Sep 13 01:48:39 2004 -- 1 IP address (1 host up) scanned in 204.438 seconds
 

__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com

Current thread:

nmap scan too slow and -n option micro dev (Sep 13)
- Re: nmap scan too slow and -n option Bo Cato (Sep 13)
  - Re: nmap scan too slow and -n option micro dev (Sep 13)
    - Re: nmap scan too slow and -n option Fyodor (Sep 13)