Nmap Development mailing list archives
Re: Issues with nmap
From: David Fifield <david () bamsoftware com>
Date: Thu, 16 Apr 2009 10:01:45 -0600
On Wed, Apr 15, 2009 at 06:30:15PM -0400, Anthony wrote:
> I'm running nmap for quite some time. The last nmap versions 4.20 and the latest 4.76 I'm having issues with. The following is an output as to a local box that I'm scanning:
>
> nmap -sS -P0 -O -p 1-65535 -v -v --version-intensity 9 192.168.0.4 --scan-delay 215 -T paranoid fcbox.log
>
> I have tested with my firewalls turned on, firewalls turned off, ICMP on ICMP off, and this message keeps cropping up:
>
> Increasing send delay for 192.168.0.4 from 215 to 430 due to max_successful_tryno increase to 4
> Increasing send delay for 192.168.0.4 from 430 to 860 due to 11 out of 15 dropped probes since last increase.
>
> And, during the scans, keeps increasing.

Hi Anthony, thanks for your question. The messages you see indicate that packets are being rate limited somewhere in your network. What that means is that some host or firewall is refusing to respond to probes faster than a certain rate. It looks like 192.168.0.4 is limiting replies (probably RSTs) to 1 a second at most. Nmap will slow its scanning rate to 1 probe per second and not get slower after that. Try running with the --packet-trace option to see what kind of replies you are receiving.

For scanning a local network of your own machines, -T paranoid is not what you want. That waits *five minutes* between each probe (http://nmap.org/book/man-performance.html). The only reason it's not going that slow for you is that you asked for --scan-delay 215. (Where did the number 215 come from?)

If you want to put a limit on how much Nmap will slow down, use --max-scan-delay:

nmap -sS -P0 -O -p 1-65535 -v -v --version-intensity 9 192.168.0.4 --max-scan-delay 215 -T4 -oN fcbox.log

A more extreme option is to use --min-rate to force the scan to go at a certain rate.

> Also during the scans, I cannot access web sites, or retrieve mail... Yet, I can ping, and run other commands (xprobe2, etc) from the command line. Any suggestions?

I don't know what's going on here, but my best guess is that your router is limiting the number of connections it's willing to maintain. Try scanning a machine not through the router and see if it still happens.

David Fifield
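
An added example, not part of the original post or of Nmap itself: a small Python parser for the "Increasing send delay" messages quoted above, which estimates the minimum time a 65535-port scan takes at the delay Nmap has backed off to. The summarize function, its parameters and the third sample line are assumptions made for illustration; the 1000 ms default cap follows the 1 probe per second stated in the reply.

```python
import re
from collections import defaultdict

# Constructed sample: the two messages quoted in the thread, plus a third
# line in the same format for a made-up second host.
SAMPLE_LOG = """\
Increasing send delay for 192.168.0.4 from 215 to 430 due to max_successful_tryno increase to 4
Increasing send delay for 192.168.0.4 from 430 to 860 due to 11 out of 15 dropped probes since last increase.
Increasing send delay for 192.168.0.9 from 0 to 5 due to 11 out of 20 dropped probes since last increase.
"""

DELAY_RE = re.compile(
    r"Increasing send delay for (?P<host>\S+) from (?P<old>\d+) to (?P<new>\d+) "
    r"due to (?P<reason>.+?)\.?$"
)
DROP_RE = re.compile(r"(\d+) out of (\d+) dropped probes")


def summarize(log_text, ports=65535, cap_ms=1000):
    """Per host: backoff steps, final delay (clamped to cap_ms), worst drop
    ratio, and a lower bound on scan time: one probe per port, no retries."""
    hosts = defaultdict(lambda: {"steps": [], "worst_drop": 0.0})
    for line in log_text.splitlines():
        m = DELAY_RE.search(line.strip())
        if not m:
            continue  # not a send-delay message
        h = hosts[m["host"]]
        h["steps"].append((int(m["old"]), int(m["new"])))
        d = DROP_RE.search(m["reason"])
        if d:
            h["worst_drop"] = max(h["worst_drop"], int(d[1]) / int(d[2]))
    report = {}
    for host, h in hosts.items():
        final = min(h["steps"][-1][1], cap_ms)  # cap_ms models --max-scan-delay
        report[host] = {
            "steps": h["steps"],
            "final_delay_ms": final,
            "worst_drop": round(h["worst_drop"], 2),
            "min_scan_hours": round(ports * final / 1000 / 3600, 1),
        }
    return report


if __name__ == "__main__":
    for host, info in summarize(SAMPLE_LOG).items():
        print(host, info)
```

At the 860 ms delay from the quoted output, the lower bound for 192.168.0.4 is about 15.7 hours; passing cap_ms=215 models the --max-scan-delay 215 suggestion and brings it down to about 3.9 hours.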