Nmap Development mailing list archives

Re: Qscan in NSE: qscan.nse

From: Kris Katterjohn <katterjohn () gmail com>
Date: Thu, 08 Apr 2010 18:30:00 -0500

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 04/08/2010 06:02 PM, Ron wrote:

So, I'm using qscan for the first time and it's been running 12 minutes longer than any other script so far, with 
absolutely no debug output. It looks like it's sequentially scanning ports and it's up to 7000 or so (I'm doing all 
ports). 

We should maybe look at how we can make this run faster, or more parallel, or only against ports that were detected 
as open/closed. 

Thoughts?


Well, it already only goes against open and/or closed ports.

Lowering the delay can certainly make it faster, but could cost accuracy
depending on how far you go.

A problem with making it faster is that it's a timing based scan, so I'm not
too fond of making it parallel across ports.  We're trying to find differences
in times between ports, but we could create (or also mask) this ourselves by
probing many ports at once.  Maybe this can be shown to not cause problems?

Cheers,
Kris Katterjohn

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iQIcBAEBAgAGBQJLvmb3AAoJEEQxgFs5kUfuR8EP/3ERhpDQbBASBks77/XNwq1L
jVQTX2Y6EcXkRV/Nez4/ql5b5j6UXYd5dCnH0hHIqpXyCO2d3EDRVr7S8BniI5K7
nU0DOl0JtznbLvoj+I6nfLrlE+sfP6myFbOCVTj30UqSZx7clQK6uqgC6rr9Ukwl
/Og9I9Qe0aPsJ8rV2VTwWXTiEuoo0tt4QYQ39DMN6pKdnly1ZGj2zB6NcYs0sH7C
mVt4c6bEvJalYLx7wVOsxEYnbm+UTi+GrT+a1Ddsb1d/Ui8J1yBZIDlxNLfqGbhV
AqtKI928+mCnleR6ChkotcZaxcHaXIkoyCw/ug/e2GaEdfyljqJKju1t6uYT27FS
aN2Ah7h1QVVsiCXdfedQoFQgXz6jmkiw/R6yD89RGNwtsc53YKQ33JYgrz30j4BR
uyA5v8c+xwKOlj6HnNctvjtXPTrqcp6gG2G8bNQjR1qVpXYHBVKRr01wGD7uQHVT
Hg50b/7RttuOKoR6fAVP2BhKkjWsYkxRkRehxgMrSiDfFXelApgYC0iZgI6bUyKY
R4zGhuqPFEGS60XgGRqXffsCOmF4f7o9QEv6EpZdmW6qhnfM5t9Iugm15wJ7n2m2
5PSE3dvMQYF+Lvbi1EW0qAqeOzWYudXt4TMRXLzYsQpjcZ6rhDdx9u+DdkU/DBv9
88mCX6rcAtHWC+anUIdi
=qSPD
-----END PGP SIGNATURE-----
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/

Current thread:

Re: Qscan in NSE: qscan.nse Ron (Apr 08)
- Re: Qscan in NSE: qscan.nse Brandon Enright (Apr 08)
- Re: Qscan in NSE: qscan.nse Kris Katterjohn (Apr 08)
  - Re: Qscan in NSE: qscan.nse Ron (Apr 08)
  - Re: Qscan in NSE: qscan.nse Brandon Enright (Apr 08)
    - Re: Qscan in NSE: qscan.nse Brandon Enright (Apr 08)
    - Re: Qscan in NSE: qscan.nse Brandon Enright (Apr 14)
    - Re: Qscan in NSE: qscan.nse Kris Katterjohn (Apr 15)
    - Re: Qscan in NSE: qscan.nse David Fifield (Apr 21)
    - Re: Qscan in NSE: qscan.nse doug (Apr 15)