Security Basics mailing list archives
Re: Advice on Fastest NMAP Scan
From: xyberpix <xyberpix () xyberpix com>
Date: Thu, 28 Oct 2004 20:15:48 +0100
Me too,if someone's got the knowledge to code the program, then you can bet they know how to use it. Fyodor, yeah when's the book out, and do you need any reviewers? xyberpix On Thu, 2004-10-28 at 02:23, GuidoZ wrote:
Personally, I'd trust the author to give correct advice. ;) Good to see you on here Fyodor. When do you expect the book to be due out? -- Peace. ~G On Tue, 26 Oct 2004 16:05:57 -0700, Fyodor <fyodor () insecure org> wrote:On Tue, Oct 26, 2004 at 09:58:50AM -0500, Mogren, Jack L. wrote:Here's what I've come up with so far. nmap -O -T4 -PE -F --osscan_limit -oX /home/security/test.xml -iL /home/security/ip_addresses.txt Any comments or suggestions?First off, make sure that you are using Nmap 3.75. Nmap 3.70 included a complete port scan engine rewrite for better performance (among other advantages) and then 3.75 tweaked it to be even better. You can obtain Nmap 3.75 from http://www.insecure.org/nmap . Since you know your network, you may be able to help Nmap by setting a maximum retransmission timeout. Are you scanning over multiple continents, or just a local network? If you can assume that responses won't take more than 100ms, add --max_rtt_timeout 100 for a big speed boost. Also, use a large host group such as --min_hostgroup 128 so that many hosts are scanned in parallel. Play with the numbers a bit to figure out what works best on your particular network. You could also consider a custom nmap-services file with just a couple hundred of the most common TCP ports. Even the -F option still scans more than 1200 ports by default. I would be interested to hear how it goes. If you find that it is too slow for your needs, let me know. I am working on a performance chapter of my upcoming O'Reilly Nmap book, so I have studied several such large network situations. A class B and several class C's shouldn't be any problem at all for regular scanning. Your "entire private address space" make take a while, depending on your setup. Scanning 10.0.0.0/8 is 16 million IPs, so don't expect it to complete during lunch. Some of the tools that claim incredibly speeds don't even handle retransmissions or other reliability requirements. I hope this helps, Fyodor
-- For Security and Open Source news: http://xyberpix.demon.co.uk
Attachment:
signature.asc
Description: This is a digitally signed message part
Current thread:
- Re: Advice on Fastest NMAP Scan xyberpix (Nov 01)
- <Possible follow-ups>
- RE: Advice on Fastest NMAP Scan Clement Dupuis (Nov 02)