Nmap Development mailing list archives
Re: nmap-3.7x MUCH slower than nmap-3.55 against firewalled hosts
From: Fyodor <fyodor () insecure org>
Date: Thu, 16 Dec 2004 03:03:10 -0800
On Wed, Dec 15, 2004 at 02:00:28PM +0100, Martin Mačok wrote:
> Possible workaround would be some cmdline options for better limiting the retransmission (setting --max_scan_delay is *by far* not enough to achieve nmap-3.55's speed, I would at least like to see an option for limiting max_successful_tryno) with sensible defaults but I would definitely like the nmap-3.55 behaviour which is much more clever in that case (from looking at the packet trace). Example (53 seconds versus 1214 seconds):
This could be considered a feature, though I understand the frustration. The host apparently was limiting ICMP unreachables to one per second. Nmap detected this and slowed down to that rate, so your 1,220 port scan took 1,214 seconds. The older version just gave up on many ports, though admittedly the results don't differ because no-response and ICMP unreachable mean the same thing (filtered) for a SYN scan.

Also remember that the new Nmap can scan many hosts like this at the same time. You could try something like --min_hostgroup 100, or even 256 to do the whole Class C at once. Also, adding a small --max_scan_delay should improve things dramatically. Doesn't it? Also, -T4 should be added, and I would recommend a max_rtt_timeout that matches the latency to your target hosts.

If you have time to scan such a class C again, how does Nmap 3.78 do with "-T4 --min_hostgroup 256 --max_scan_delay 0 --max_rtt_timeout XXX" (where XXX is about double the average ping time against hosts on the target network)? How does that compare to 3.55?

You're right that adding more explicit controls over the maximum number of retransmissions may be worthwhile. It wouldn't be hard, either. I'll think about it. I could also consider decreasing the default TCP max send delays, at least for more aggressive timing modes.

Cheers,
-F

---------------------------------------------------------------------
For help using this (nmap-dev) mailing list, send a blank email to nmap-dev-help () insecure org . List archive: http://seclists.org