Nmap Development mailing list archives
nmap 3.70 - ultra_scan() -- feature or flaw?
From: Matt Repicky <SMP.Repicky () gmail com>
Date: Tue, 12 Oct 2004 15:40:54 -0400
I have been having a problem with the -oG option for the new nmap. I use an input file of target hosts to run UDP/TCP scans against. Because of the way the ultra_scan() attacks all the hosts in the file at once, assuming i'm running less than the default max_hostgroup, if one of the hosts does not finish scanning, none of the hosts appear to finish scanning and therefore no information gets dumped into the results of a greppable file. I was running a nmap with -sT -sU -n -r -P0 -p 1- -vvv -oN targets.on -oG targets.og -iL targets.lst and in my target.lst I had approximately 40 computers. As I was running the scan I noticed that I started to get UDP timeout increases for 3 of the 40 hosts. In a side shell I attempted to ping the three hosts and they had been turned off (problem of starting a scan at 3.30 in the afternoon). Because the three hosts stopped responding to the UDP probes, the timeouts got larger and larger and nmap was taking forever to finish. I let the scan sit there for an hour and had to eventually stop it when it wasn't progressing any further. Because the 3 hosts didn't finish scanning, I didn't get any results for the other 37 machines. I had to edit my targets file to remove the downed hosts and try again. Again I failed because more machines were being turned off towards the end of the day. With older nmap, by attacking each host in the file one at a time if the scan failed at some point I could cancel the scan, remove the offending host, and resume the scan without having lost all the time put into scanning the other hosts. After reading the changelog and man pages I finally figured out that the max_hostgroup is my best option to getting back to the single scan functionality of nmap 3.5*. Is there any better way to allow the parallelism to continue while getting usable output should it run into a bad target halfway? Matt --------------------------------------------------------------------- For help using this (nmap-dev) mailing list, send a blank email to nmap-dev-help () insecure org . List archive: http://seclists.org
Current thread:
- nmap 3.70 - ultra_scan() -- feature or flaw? Matt Repicky (Oct 12)
- Re: nmap 3.70 - ultra_scan() -- feature or flaw? Fyodor (Oct 12)
- Re: nmap 3.70 - ultra_scan() -- feature or flaw? Nils Magnus (Oct 12)
- Re: sig handler (was: nmap 3.70 - ultra_scan()) Brett Campbell (Oct 12)
- Re: nmap 3.70 - ultra_scan() -- feature or flaw? Nils Magnus (Oct 12)
- Re: nmap 3.70 - ultra_scan() -- feature or flaw? Fyodor (Oct 12)