Nmap Development mailing list archives
Effect of scan rate on scan time
From: David Fifield <david () bamsoftware com>
Date: Tue, 23 Dec 2008 12:32:55 -0700
Hi,

With any luck I'll be able to merge the nmap-perf improvements to scan delay soon. This new system measures the rate at which responses are received and uses that to set a maximum rate when necessary.

I have been running many tests against two rate-limited test hosts, one with a configured rate limit of 1 response per second, and one with a limit of 250 per second. I had been assuming that these configured rate limits were accurate, but I seemed to be able to scan a little faster than 1 send per second against the first host, and the rate limit seemed to settle in at about 150 rather than 250 for the second host.

So I ran some tests at fixed rates (using --min-rate X --max-rate X) near the configured limits. Results from those tests are at

http://www.bamsoftware.com/wiki/Nmap/PerformanceNotes#rate-scatter

It turns out we can go a little faster than 1 send per second against the first host, though keeping it at 1 is not too bad. Sending faster than 150 per second against the second host leads to excessive drops and wrong port states.

These graphs provide some evidence for this claim in the Reference Guide:

    In some cases, using a faster rate can make a scan take longer than it would with a slower rate. This is because Nmap's adaptive retransmission algorithms will detect the network congestion caused by an excessive scanning rate and increase the number of retransmissions in order to improve accuracy.

Faster isn't always faster.

David Fifield

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
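An added illustration, not part of the original message and not Nmap's code: a toy simulation of fixed-rate scans (in the spirit of the --min-rate X --max-rate X tests above) against a host that answers at most 150 probes per second. The port mix, the token-bucket limiter and the retry policy are assumptions of this model, not Nmap's actual algorithm.

```python
def simulate(rate, limit, n_closed=100, n_silent=20, max_retries=10):
    """Toy model: fixed-rate scan of a host that answers at most `limit` probes/s.

    Returns (seconds, probes_sent, wrong_states). Integer credit avoids float
    drift: each send interval earns `limit` units, a response costs `rate`.
    """
    # Constructed workload: closed ports answer unless rate-limited,
    # silent (filtered) ports never answer.
    pending = [True] * n_closed + [False] * n_silent
    credit = rate          # bucket starts full and holds one response
    sent = 0
    tryno = 0              # 0 = first probe, 1 = first retransmission, ...
    max_ok_tryno = 0       # highest tryno that ever drew a response
    while pending:
        unanswered = []
        for responsive in pending:
            sent += 1
            credit = min(rate, credit + limit)
            if responsive and credit >= rate:
                credit -= rate
                max_ok_tryno = max(max_ok_tryno, tryno)
            else:
                unanswered.append(responsive)
        tryno += 1
        # Assumed retry policy: answers that only arrive after retransmission
        # signal drops, so allow one more try than has ever been needed.
        if tryno > min(max_retries, max_ok_tryno + 1):
            # Giving up: responsive ports still unanswered get a wrong state.
            return sent / rate, sent, sum(unanswered)
        pending = unanswered
    return sent / rate, sent, 0


if __name__ == "__main__":
    for r in (150, 300, 3000):
        secs, sent, wrong = simulate(rate=r, limit=150)
        print(f"rate={r:5d}/s  probes={sent:4d}  time={secs:.2f}s  wrong={wrong}")
```

In this model, doubling the send rate past the limit more than doubles the probes sent, so the scan finishes later; at 20 times the limit the retry cap is hit and responsive ports end up with wrong states.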