Nmap Development mailing list archives
Re: nmap scanning techniques and execution privileges
From: Brahim Sakka <brahim.sakka () gmail com>
Date: Wed, 21 Dec 2011 19:57:27 +0100
2011/12/14, Guillaume Rousse <guillomovitch () gmail com>:
> Hello list. I'm using nmap to scan large IP ranges (B classes) this way:
>
> nmap -sV -T5 -F -oX -
>
> When advised that some of the servers were missing in the report, I read the manual, and found that the default scanning technique when run without raw socket privileges was to use TCP connect scan, instead of TCP SYN scan, which is considered a better option. So I switched to root privileges instead:
>
> sudo nmap -sV -T5 -F -oX -
>
> But now I discovered that some other servers were missing in the new report. After investigating the issue, I found that raw socket privileges allow the use of ICMP to speed up the scan by skipping non-responding hosts, and the missing hosts were those not responding to ICMP echo probes. So I attempted to disable this optimisation:
>
> sudo nmap -sV -Pn -T5 -F -oX -
>
> But now scanning a class B range needs more than 12 hours to complete :(
>
> So, how does the first nmap command, run as standard user without ICMP optimisation, complete in just one hour, while the same command run as root is more than 10 times slower?

You said it. The "enhanced" version of the command will scan every single host, while the first/second one only scanned those hosts that replied to ICMP requests. You do the math :-)

> Also, if I can't have a magic set of options to discover all the running servers in a single run, is there any way to merge results from two different scans?

Try importing both results in Zenmap.
--
BOFH excuse #353: Second-system effect.
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
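
An alternative to the Zenmap import for the merge question above, added here as an example that is not part of the thread or of Nmap itself: a Python script that unions the open ports from two `-oX` reports by host address. The embedded reports and their addresses are constructed samples, and `open_ports` and `merge_scans` are hypothetical helper names; with real scans, pass in the text of the two saved XML files.

```python
import xml.etree.ElementTree as ET

# Constructed sample reports, trimmed to the -oX elements this example reads.
UNPRIV_SCAN = """<nmaprun>
<host><status state="up"/><address addr="192.0.2.10" addrtype="ipv4"/>
<ports><port protocol="tcp" portid="22"><state state="open"/><service name="ssh"/></port></ports></host>
<host><status state="up"/><address addr="192.0.2.20" addrtype="ipv4"/>
<ports><port protocol="tcp" portid="80"><state state="open"/><service name="http"/></port></ports></host>
</nmaprun>"""

ROOT_SCAN = """<nmaprun>
<host><status state="up"/><address addr="192.0.2.10" addrtype="ipv4"/>
<ports><port protocol="tcp" portid="22"><state state="open"/></port>
<port protocol="tcp" portid="443"><state state="open"/><service name="https"/></port>
<port protocol="tcp" portid="25"><state state="filtered"/></port></ports></host>
<host><status state="down"/><address addr="192.0.2.20" addrtype="ipv4"/></host>
<host><status state="up"/><address addr="192.0.2.30" addrtype="ipv4"/>
<ports><port protocol="tcp" portid="3306"><state state="open"/><service name="mysql"/></port></ports></host>
</nmaprun>"""


def open_ports(xml_text):
    """Map each host address to {(protocol, port): service name} for open ports."""
    found = {}
    for host in ET.fromstring(xml_text).iter("host"):
        addr = host.find("address")  # first <address> is the IP in Nmap XML
        if addr is None:
            continue
        for port in host.iter("port"):
            state = port.find("state")
            if state is None or state.get("state") != "open":
                continue  # skip closed/filtered ports
            svc = port.find("service")
            name = svc.get("name", "") if svc is not None else ""
            key = (port.get("protocol"), int(port.get("portid")))
            found.setdefault(addr.get("addr"), {})[key] = name
    return found


def merge_scans(*reports):
    """Union open ports across reports; a host found in any run is kept."""
    merged = {}
    for report in reports:
        for addr, ports in open_ports(report).items():
            target = merged.setdefault(addr, {})
            for key, name in ports.items():
                # Keep a service name if any run identified one.
                target[key] = target.get(key) or name
    return merged
```

A host marked down in one report (here 192.0.2.20, which did not answer host discovery in the constructed privileged run) still appears in the merged result if the other report found open ports on it.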