Nmap Announce mailing list archives
Re: Timeout
From: Fyodor <fyodor () dhp com>
Date: Sun, 19 Sep 1999 22:34:42 -0400 (EDT)
On Sat, 18 Sep 1999, Lance Spitzner wrote:
why this happens. However, it would be great to have a "-t" option where you can set in seconds a time limit per IP. Any suggestion or recommendations on how to approach this?
Oh, all right :).  Due to popular demand, I have added sophisticated timing
control to Nmap.  This allows you to set more aggressive timeouts (on a
per-machine or per-probe basis) for greater speed.  Or you can specify a
"polite" scan to reduce network load and lower the probability of crashing
systems.  You can even demand that Nmap go VERY slow so you can do a
several-day scan and stay below the radar of intrusion detection systems.
You can choose one of 6 "canned" timing modes, or you can use new
command-line options to roll your own behavior.

That is the summary.  Here is the new man page section which gives more
complete details:

TIMING OPTIONS
       Generally Nmap does a good job at adjusting for Network
       characteristics at runtime and scanning as fast as possible
       while minimizing the chances of hosts/ports going undetected.
       However, there are some cases where Nmap's default timing
       policy may not meet your objectives.  The following options
       provide a fine level of control over the scan timing:

       -T <Paranoid|Sneaky|Polite|Normal|Aggressive|Insane>
              These are canned timing policies for conveniently
              expressing your priorities to Nmap.  Paranoid mode
              scans very slowly in the hopes of avoiding detection
              by IDS systems.  It serializes all scans (no parallel
              scanning) and generally waits at least 5 minutes
              between sending packets.  Sneaky is similar, except it
              only waits 15 seconds between sending packets.  Polite
              is meant to ease load on the network and reduce the
              chances of crashing machines.  It serializes the probes
              and waits at least 0.4 seconds between them.  Normal is
              the default Nmap behaviour, which tries to run as
              quickly as possible without overloading the network or
              missing hosts/ports.  Aggressive mode adds a 5 minute
              timeout per host and it never waits more than 1.25
              seconds for probe responses.  Insane is only suitable
              for very fast networks or where you don't mind losing
              some information.  It times out hosts in 75 seconds and
              only waits 0.3 seconds for individual probes.  It does
              allow for very quick network sweeps though :).

              You can also reference these by number (0-5).  For
              example, '-T 0' gives you Paranoid mode and '-T 5' is
              Insane mode.

              These canned timing modes should NOT be used in
              combination with the lower level controls given below.

       --host_timeout <milliseconds>
              Specifies the amount of time Nmap is allowed to spend
              scanning a single host before giving up on that IP.
              The default timing mode has no host timeout.

       --max_rtt_timeout <milliseconds>
              Specifies the maximum amount of time Nmap is allowed to
              wait for a probe response before retransmitting or
              timing out that particular probe.  The default mode
              sets this to about 9000.

       --initial_rtt_timeout <milliseconds>
              Specifies the initial probe timeout.  This is generally
              only useful when scanning firewalled hosts with -P0.
              Normally Nmap can obtain good RTT estimates from the
              ping and the first few probes.  The default mode uses
              6000.

       --max_parallelism <number>
              Specifies the maximum number of scans Nmap is allowed
              to perform in parallel.  Setting this to one means Nmap
              will never try to scan more than 1 port at a time.  It
              also affects other parallel scans such as ping sweep,
              RPC scan, etc.

       --scan_delay <milliseconds>
              Specifies the minimum amount of time Nmap must wait
              between probes.  This is mostly useful to reduce
              network load or to slow the scan way down to sneak
              under IDS thresholds.

Adding all this new timing functionality required changes in many parts of
Nmap.  Please try it out and tell me if I broke anything :).  Also I would
be happy to hear suggestions for improving the timing interface or problems
with the way it works now.

I'll send release notes for the new beta in a few minutes.

Cheers,
Fyodor

--
Fyodor                            'finger pgp () pgp insecure org | pgp -fka'
Frustrated by firewalls?  Try nmap: http://www.insecure.org/nmap/
"Be thankful you are not my student.  You would not get a high grade for
such a design :-) ... Writing a new OS only for the 386 in 1991 gets you
your second 'F' for this term"
   -- Minix author/professor Andrew Tanenbaum to Linus Torvalds (Jan '92)
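A defender's view of the delays quoted in the man page section above, as an added example that is not part of the original message or of Nmap: it runs a rate-based port-scan rule and a long-horizon rule over the same log to show which timing modes each one sees. The 60-second window, the 20-port threshold, the addresses and the log itself are constructed assumptions; only the 5 minute, 15 second and 0.4 second delays come from the message.

```python
from collections import defaultdict, deque

# Minimum gaps between probes (seconds) as stated in the man page text above.
MODE_DELAY = {"Paranoid": 300.0, "Sneaky": 15.0, "Polite": 0.4}

def synth_probes(src, delay, ports, start=0.0):
    """Constructed sample data: one serialized probe per port, `delay` apart."""
    return [(start + i * delay, src, port) for i, port in enumerate(ports)]

def windowed_alerts(events, window, threshold):
    """Rate rule: flag a source that hits >= threshold distinct ports
    inside any sliding window of `window` seconds."""
    recent, flagged = defaultdict(deque), set()
    for ts, src, port in sorted(events):
        q = recent[src]
        q.append((ts, port))
        while ts - q[0][0] > window:      # drop probes older than the window
            q.popleft()
        if len({p for _, p in q}) >= threshold:
            flagged.add(src)
    return flagged

def longterm_alerts(events, threshold):
    """Slow-scan rule: distinct ports per source over the whole retained log."""
    seen = defaultdict(set)
    for _, src, port in events:
        seen[src].add(port)
    return {src for src, ports in seen.items() if len(ports) >= threshold}

def min_window(delay, threshold):
    """Shortest window in which `threshold` serialized probes can all fall."""
    return (threshold - 1) * delay

# Constructed log: three scanners (documentation addresses) probing ports
# 1-30 at each mode's delay, plus one ordinary client using three services.
SOURCES = {"Paranoid": "192.0.2.10", "Sneaky": "192.0.2.11", "Polite": "192.0.2.12"}
EVENTS = synth_probes("192.0.2.50", 2.0, [22, 80, 443])
for mode, src in SOURCES.items():
    EVENTS += synth_probes(src, MODE_DELAY[mode], range(1, 31))

if __name__ == "__main__":
    print("60 s window, 20 ports:", sorted(windowed_alerts(EVENTS, 60, 20)))
    print("whole log, 20 ports:  ", sorted(longterm_alerts(EVENTS, 20)))
    for mode, delay in MODE_DELAY.items():
        print(f"{mode}: window must span >= {min_window(delay, 20):g} s")
```

With these assumed settings the rate rule flags only the Polite source; seeing Sneaky and Paranoid takes a window of at least 285 s and 5700 s respectively, or per-source state kept for the whole retention period as in `longterm_alerts`.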