Nmap Development mailing list archives
Long disjointed list of ports causing performance drop??
From: Steve <il_dharmabum () yahoo com>
Date: Tue, 24 Jan 2006 13:10:17 -0800 (PST)
I am using nmap in a phased manner to perform vulnerability testing on large networks for my clients. I'm currently utilizing 5 phases as follows: 1 - pings 2 - No pings & 9 most common ports 3 - No pings and 48 next most common ports 4 - Remainder of nmap default port list and no pings 5 - Remainder of all 65535 ports I run phase 4 & 5 with -T Aggressive and -sS to ease the impact on my customers' servers and still get the work done in a reasonable time. I also use a list of IP's as input with the -iL so I can parse the output and determine what had found ports vs not as I roll through. Since the port list for 4 & 5 is fairly disjointed (e.g 1-5,7-9,11,13,etc), it takes up a lot of space on the command line. It seems that phase 5 takes a considerable amount of memory if I don't use the max_hostgroup and -sT to throttle down. Questions: 1. How is a large list of discontinuous ports handled by nmap vs a singe continuous list (1-1024)? Could the first condition cause a larger memory requirement? 2. Is there a difference in memory requirements if I use a list of IP's, one per line, vs a specific sequence (10.10.10.10-255)? 3. Could the large list of ports require more memory as I work my way through a relatively long list of IP's? Thanks and keep up the great work! TIA, Digger --------------------------------- Yahoo! Autos. Looking for a sweet ride? Get pricing, reviews, & more on new and used cars. _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev
Current thread:
- Long disjointed list of ports causing performance drop?? Steve (Jan 24)
- Re: Long disjointed list of ports causing performance drop?? Fyodor (Jan 24)