Nmap Development mailing list archives
Extremely long scan times...
From: "Jones, David H" <Jones.David.H () principal com>
Date: Fri, 17 Mar 2006 15:18:05 -0600
Greetings... Long time user, first time poster. I've done a lot of digging around (Google, nmap command reference, etc.), and I just can't seem to find a way around this.

Here's my dilemma: I'm scanning a Cisco IOS Firewall interface for a security audit. We want to be able to report on all ports (-p1-65535). Unfortunately, shortly after the scan starts, I start seeing ICMP 3/13 messages (Communication administratively filtered (ethereal)/Communication administratively prohibited by filtering (nmap)) via ethereal or by using --packet-trace in nmap. After that message is received, nmap starts resending SYN packets to the same port (up to six times in a row), and I'm assuming it also causes nmap to throttle back. This is causing the scan completion time to jump to at least six hours almost immediately, which unfortunately is not going to work for the project we're doing in the timeframe needed.

I just completed the same exercise on Checkpoint interfaces, with exactly the same switches enabled for nmap, and the scans completed on those interfaces in the neighborhood of 25-30 minutes. While I did not actually capture any packets during the Checkpoint scans, I'm assuming I was not receiving the ICMP 3/13 messages.

So, to make a short question long, is there any way to force nmap to ignore these ICMP messages, or to disable the automatic throttling and just push through it? I'm already using the -T4 switch, but even that switch doesn't keep the pace up and at times generates the following message from nmap itself: "Warning: Finishing early because retransmission cap hit." However, nmap continues to scan after that point.

Any assistance would most definitely be appreciated!

Using: nmap v4.01 -P0 -sS -T4 -p1-65535

Thanks in advance!
David Jones
Principal Financial Group
I/S Information Security