Penetration Testing mailing list archives

RE: Nmap scanning speed

From: "Tate Hansen" <tate () ClearNetSec com>
Date: Fri, 11 Nov 2005 20:15:46 -0700

I think the answer is no.  We had new quad dual core opteron systems w/16GB
of RAM (~$35k each) running 8 unique nmap processes, with the following
options:

/usr/local/bin/nmap -vv -sS -P0 -p 1-65535 -n --min_hostgroup 100
--max_rtt_timeout 1250 --min_parallelism 100 <a_/24_block>

We were scanning a /16, but broke the nmaps down on /24 blocks.  All the
parallel nmap "services" scans (1668 ports) worked fine (~40 hours to
complete the /16 using options above).  

When doing a 65k TCP port scan, the systems start off fast but quickly slow
down.  Each nmap became very memory hungry (consuming 1.2Gbytes per
process).  After 30+ hours or so, we were only pushing ~550 packets/s.
These systems are running SuSE Linux Enterprise Server 9 (x86_64); all
defaults and running nmap version 3.93.  

I think the alternatives are better for large port scanning efforts (unicorn
or scanrand), unless you are simply performing a services scan or something
comparable.
-Tate

Tate Hansen
ClearNet Security

-----Original Message-----
From: Trent () yahoo co uk [mailto:Trent () yahoo co uk] 
Sent: Thursday, November 10, 2005 12:13 PM
To: pen-test () securityfocus com
Subject: Nmap scanning speed

I have to scan a large network. is it possible to get good port scanning
speed of over 700 ports per second from nmap? 

if so what is the kind of hardware required? hsa 

thank you in advance




------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner: 

Hackers are concentrating their efforts on attacking applications on your 
website. Up to 75% of cyber attacks are launched on shopping carts, forms, 
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are 
futile against web application hacking. Check your website for vulnerabilities 
to SQL injection, Cross site scripting and other web attacks before hackers do! 
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------

Current thread:

Nmap scanning speed Trent (Nov 10)
- Re: Nmap scanning speed Justin (Nov 11)
- Re: Nmap scanning speed ilaiy (Nov 11)
  - Re: Nmap scanning speed Chris Moody (Nov 21)
- RE: Nmap scanning speed Tate Hansen (Nov 13)
  - Re: Nmap scanning speed robert (Nov 15)
- RE: Nmap scanning speed Tony Carter (Nov 15)
- <Possible follow-ups>
- Re: Nmap scanning speed annika2002 (Nov 14)
  - Re: Nmap scanning speed jgervacio (Nov 15)
- RE: Nmap scanning speed Chris Fahey (Nov 21)
- Re: Re: Nmap scanning speed tarunthenut (Nov 25)