Penetration Testing mailing list archives
Re: nmap udp scan time
From: Anders Thulin <anders.thulin () sentor se>
Date: Mon, 29 Oct 2007 09:04:00 +0100
Kevin Mc Grath wrote:
I have completed a udp scan on an embedded device in the lab and the scan duration was 18.22 hours. The scan syntax used is as follows: nmap -sU -p0-65535 <ip_addr> Should a UDP scan take such a long time? Could the scan time relate to some problem with the device?
If you don't get any negative response (such as the various ICMP unreachables) from the device, it will largely be a question of timeouts and retransmissions. Factor in the number of UDP ports probed in parallel, and the general speed of the network connection, and you should be able to say if 18 hours is in the ballpark or not. Read and consider: http://insecure.org/nmap/man/man-port-scanning-techniques.html http://insecure.org/nmap/man/man-performance.html Note that nmap adjusts the number of concurrent probes based on its performance. You may have to force its lower limit (--min_parallelism) to something larger than 1. Note also the default value of --max_retries, which is rather conservative for reasonably fast devices on a lightly-loaded local LAN. Check the http://insecure.org/nmap/docs.html for more useful documents. The Nmap book will probably be the definitive reference on Nmap ... if and when it is published. -- Anders Thulin anders.thulin () sentor se 070-757 36 10 ------------------------------------------------------------------------ This list is sponsored by: Cenzic Need to secure your web apps NOW? Cenzic finds more, "real" vulnerabilities fast. Click to try it, buy it or download a solution FREE today! http://www.cenzic.com/downloads ------------------------------------------------------------------------
Current thread:
- nmap udp scan time Kevin Mc Grath (Oct 26)
- Re: nmap udp scan time Gleb Paharenko (Oct 29)
- RE: nmap udp scan time Strykar (Oct 29)
- Re: nmap udp scan time Anders Thulin (Oct 29)
- RE: nmap udp scan time John Forristel (SunGard-Chico) (Oct 29)
- Re: nmap udp scan time Fyodor (Oct 30)
- <Possible follow-ups>
- Re: nmap udp scan time jpecou (Oct 29)
- Re: nmap udp scan time jason_jones98 (Oct 30)