Nmap Development mailing list archives

Re: Issues with nmap


From: David Fifield <david () bamsoftware com>
Date: Thu, 16 Apr 2009 10:01:45 -0600

On Wed, Apr 15, 2009 at 06:30:15PM -0400, Anthony wrote:
> I'm running nmap for quite some time. The last nmap versions 4.20 and
> the latest 4.76 I'm having issues with. The following is an output as to
> a local box that I'm scanning: nmap -sS -P0 -O -p 1-65535 -v -v
> --version-intensity 9 192.168.0.4 --scan-delay 215 -T paranoid
> fcbox.log I have tested with my firewalls turned on, firewalls turned
> off, ICMP on ICMP off, and this message keeps cropping up:
>
> Increasing send delay for 192.168.0.4 from 215 to 430 due to
> max_successful_tryno increase to 4
> Increasing send delay for 192.168.0.4 from 430 to 860 due to 11 out of
> 15 dropped probes since last increase.
>
> And, during the scans, keeps increasing.

Hi Anthony, thanks for your question. The messages you see indicate that
packets are being rate limited somewhere in your network. What that
means is that some host or firewall is refusing to respond to probes
faster than a certain rate. It looks like 192.168.0.4 is limiting
replies (probably RSTs) to 1 a second at most. Nmap will slow its
scanning rate to 1 probe per second and not get slower after that. Try
running with the --packet-trace option to see what kind of replies you
are receiving.

For scanning a local network of your own machines, -T paranoid is not
what you want. That waits *five minutes* between each probe
(http://nmap.org/book/man-performance.html). The only reason it's not
going that slow for you is that you asked for --scan-delay 215. (Where
did the number 215 come from?) If you want to put a limit on how much
Nmap will slow down, use --max-scan-delay:

        nmap -sS -P0 -O -p 1-65535 -v -v --version-intensity 9 192.168.0.4 --max-scan-delay 215 -T4 -oN fcbox.log

A more extreme option is to use --min-rate to force the scan to go at a
certain rate.

> Also during the scans, I cannot access web sites, or retrieve mail...
> Yet, I can ping, and run other commands (xprobe2, etc) from the
> command line. Any suggestions?

I don't know what's going on here, but my best guess is that your
router is limiting the number of connections it's willing to maintain.
Try scanning a machine not through the router and see if it still
happens.

David Fifield

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
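
The "Increasing send delay" messages discussed in this thread can be extracted from a saved verbose log and converted into a probe rate and a rough scan-time estimate. This is an added example, not part of the original message or of Nmap; the function names and the sample log are constructed here, and the delay values are treated as milliseconds.

```python
import re

# Nmap's verbose send-delay message; delay values are milliseconds (assumption
# consistent with the 1-probe-per-second ceiling described in the reply).
DELAY_RE = re.compile(
    r"Increasing send delay for (?P<host>\S+) from (?P<old>\d+) to (?P<new>\d+) "
    r"due to (?:max_successful_tryno increase to (?P<tryno>\d+)"
    r"|(?P<dropped>\d+) out of (?P<sent>\d+) dropped probes)"
)

# Constructed sample: the two messages quoted in the thread, wrapped as mailed.
SAMPLE_LOG = """\
Increasing send delay for 192.168.0.4 from 215 to 430 due to
max_successful_tryno increase to 4
Increasing send delay for 192.168.0.4 from 430 to 860 due to 11 out of
15 dropped probes since last increase.
"""

def parse_delay_events(text):
    """Return one dict per send-delay increase found in verbose output."""
    flat = " ".join(text.split())  # undo mail/terminal line wrapping
    events = []
    for m in DELAY_RE.finditer(flat):
        ev = {"host": m["host"], "old_ms": int(m["old"]), "new_ms": int(m["new"])}
        if m["tryno"]:
            ev["cause"] = "retransmissions"   # probes needed more retries
        else:
            ev["cause"] = "drops"             # probes went unanswered
            ev["drop_ratio"] = int(m["dropped"]) / int(m["sent"])
        events.append(ev)
    return events

def summarize(events, ports=65535):
    """Per host: final delay, probes/second, and a lower bound on scan hours
    (one probe per port, no retransmissions counted)."""
    final = {}
    for ev in events:
        final[ev["host"]] = ev["new_ms"]      # later events overwrite earlier
    return {
        host: {
            "delay_ms": ms,
            "probes_per_sec": round(1000 / ms, 2),
            "min_hours": round(ports * ms / 1000 / 3600, 1),
        }
        for host, ms in final.items()
    }

if __name__ == "__main__":
    print(summarize(parse_delay_events(SAMPLE_LOG)))
```

For the sample, an 860 ms delay over `-p 1-65535` works out to more than 15 hours for a single host, which is why capping the delay with --max-scan-delay matters on a local network.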

