Nmap Development mailing list archives
RE: Performance Tuning NMAP
From: "Pritchard, Adam (IDS EUC EMEA)" <adam_pritchard () ml com>
Date: Tue, 21 Dec 2004 15:27:55 -0000
Hi Bill, I have recently been working on a scanning service for my company. The objective was to create a system that can successfully identify every host on two class B networks (131,072 IPs). I have managed to scan all of these IPs and identify them in ~18 hours using a single instance of nmap on standard workstation hardware. I managed to improve the scan times by performing a multi-threaded ping sweep and entering only live hosts into a text file which is used for nmap's input list (-iL). The whole process looks like this in my log file: [21/12/2004 15:19:13] Commencing scan on subnet xxx.xxx.xxx.0/24 to find live hosts [21/12/2004 15:19:23] Written Nmap scan range(s) for 118 hosts from subnet xxx.xxx.xxx.0/24 [21/12/2004 15:19:23] Starting Nmap run, saving results to nmap_results.log [21/12/2004 15:21:23] Nmap run completed in 00:02:00.39 [21/12/2004 15:21:25] Imported Nmap grep results from nmap_results.log [21/12/2004 15:21:25] Commencing multi-threaded post checks [21/12/2004 15:21:48] Completed post checks on 118 hosts in 00:00:23.20 [21/12/2004 15:21:51] Integrated scan results with master database A whole class C network is scanned in just over two and a half minutes. I have not looked into running multiple instances of nmap because I do not wish to place unnecessarily large loads on the network and particularly the subnet I am running the scan from. Regards, Adam -----Original Message----- From: Bill Petersen [mailto:bill.petersen () alcatel com] Sent: 17 December 2004 16:18 To: nmap-dev () insecure org Subject: Performance Tuning NMAP Hello, A project I am working on will require me to scan over 1 million IPs monthly (yes, all owned by my company). I have acquired a dual Xeon 3GHz system with 4GB of RAM for the job. I plan to turn on -sV and -O to get version and OS information in addition to 'is the machine up' and general port information. It will be running Fedora Core 3. My questions are: 1. How would you tune this system for the task? 2. What options would you turn on / off at compile time? 3. How would you tune nmap at run time for the task? In the past, threads within nmap have not helped me much. I have actually used a perl script to help me maximize the throughput by running up to 190 concurrent nmaps (on a similarly configured machine). I'd like to get away from that and have nmap take over the task. Any suggestions? Thanks for your input. Regards, Bill -- Bill Petersen, CISSP Senior Information Security Analyst North American Information Security Group Alcatel USA, Plano, Texas 972-519-4249 Voice 972-519-4830 FAX Bill.Petersen () alcatel com -------------------------------------------------------- If you are not an intended recipient of this e-mail, please notify the sender, delete it and do not read, act upon, print, disclose, copy, retain or redistribute it. Click here for important additional terms relating to this e-mail. http://www.ml.com/email_terms/ -------------------------------------------------------- --------------------------------------------------------------------- For help using this (nmap-dev) mailing list, send a blank email to nmap-dev-help () insecure org . List archive: http://seclists.org
Current thread:
- RE: Performance Tuning NMAP Pritchard, Adam (IDS EUC EMEA) (Dec 21)
- Re: Performance Tuning NMAP Bill Petersen (Dec 21)