Nmap Development mailing list archives
Re: RTT Timeouts
From: Fyodor <fyodor () insecure org>
Date: Sun, 17 Jan 2010 02:06:12 -0800
On Fri, Jan 15, 2010 at 03:20:39PM -0500, Jon Kibler wrote:
I have been playing with speeding up the scanning of a system that is one hop away from my probe box. When I ping the system, the RTT for the first ping is about 1.5ms (mostly ARP), and thereafter it is more like 0.25ms to 0.33ms. However, because I am doing a deep version probe of all ports (TCP and UDP), the scan takes "forever" to complete. I would like to set the min-rtt-timeout to be about 0.5ms and the maximum to be about 2.5ms.
Hi Jon. The rtt-timeout values mostly only matter for port scan timing, and the vast majority of time spent on your fast network is probably in version detection. With -v, you can watch how long the different scan segments are taking. Version detection often has to wait 5+ seconds per probe because even though the network is fast, applications often respond much more slowly. For example, many will do a whole reverse DNS lookup on the client before responding.

To speed this up, you'll want to increase parallelization so that many of these 5s timeouts are occurring concurrently rather than sequentially. You can do this by raising the --min-hostgroup and --min-parallelism. You can also speed things up by specifying --version-light, though version detection might not identify some services on nonstandard ports.

Cheers,
Fyodor
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
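Added example, not part of the original post: a small Python helper that totals the per-phase timings from `nmap -v` output, to check whether port scanning or version detection dominates a run before tuning either. The sample output is constructed, and the "Completed <phase> at <time>, <n>s elapsed" line shape is an assumption about the verbose output format.

```python
import re
from collections import defaultdict

# Constructed sample of `nmap -v` output (not from the original post); the
# "Completed <phase> at <time>, <n>s elapsed" line shape is assumed here.
SAMPLE = """\
Initiating ARP Ping Scan at 10:00
Completed ARP Ping Scan at 10:00, 0.04s elapsed (1 total hosts)
Initiating SYN Stealth Scan at 10:00
Completed SYN Stealth Scan at 10:00, 2.10s elapsed (65535 total ports)
Initiating UDP Scan at 10:00
Completed UDP Scan at 10:01, 48.30s elapsed (1000 total ports)
Initiating Service scan at 10:01
Completed Service scan at 10:09, 481.55s elapsed (37 services on 1 host)
"""

COMPLETED = re.compile(
    r"^Completed (?P<phase>.+?) at \S+, (?P<secs>\d+(?:\.\d+)?)s elapsed"
)


def phase_times(text):
    """Sum elapsed seconds per scan phase (phases repeat across host groups)."""
    totals = defaultdict(float)
    for line in text.splitlines():
        m = COMPLETED.match(line.strip())
        if m:
            totals[m.group("phase")] += float(m.group("secs"))
    return dict(totals)


def dominant_phase(totals):
    """Return (phase, share of total time) for the slowest phase, or None."""
    total = sum(totals.values())
    if not total:
        return None
    phase = max(totals, key=totals.get)
    return phase, totals[phase] / total


if __name__ == "__main__":
    totals = phase_times(SAMPLE)
    for phase, secs in sorted(totals.items(), key=lambda kv: -kv[1]):
        print(f"{secs:9.2f}s  {phase}")
    print(dominant_phase(totals))
```

If the service scan phase carries most of the time, as in the constructed sample, the rtt-timeout options have little left to save.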