Nmap Development mailing list archives
Re: very nmap service scans
From: Daniel Miller <bonsaiviking () gmail com>
Date: Thu, 30 Jun 2011 07:08:38 -0500
To help answer this question, here's some information on version scanning: A default version scan sends up to 22 probes per tcp port and 15 probes per UDP port [1]. That's worst-case, since if the version is identified before that the scan will stop for that port. To speed things up, you could specify --version-light, which only sends the most likely probes, and reduces the number to 3 TCP and 2 UDP probes (in addition to any probes designed specifically for the ports that are open). This could result in a major speedup, but will make the scan less likely to identify all services. Dan [1] awk '/^Probe/{p=$2};/^rarity/{for(i=$2;i<10;i++)f[p,i]++}END{for(i in f)print i,f[i]}' nmap-service-probes | sort -n On Wed, Jun 29, 2011 at 10:39 AM, Chris Clements <cclements () flatearth net>wrote:
When I run the following nmap (svn 24435) command on my local network: Nmap A vvvv sSUCV O T4 ‹max-scan-delay 200ms ‹masx-rtt-timeout 200ms 192.168.2.25-254 The tcp and udp scans complete in ~14s and discover a total of 50 open ports across 11 hosts. The service scan then starts and takes around an hour and a half, followed by the NSE scan that takes around 15s. Two questions about this: 1. With the configured timings and responses of the tcp, udp, and nse scans, is it expected that a default version scan would take 1.5h for 50 open ports (total, not per host)? 2. Is there a way I can increase the speed of the version scan? While it is running, a tcpdump only shows between 3-10 packets per second being sent, and through put varying from 30 bytes/sec to 2 Kb/sec. Chris Clements _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- very nmap service scans Chris Clements (Jun 29)
- Re: very nmap service scans Daniel Miller (Jun 30)