Re: Improving nmap performance

[Lance Spitzner <lance () honeynet org>]

On Fri, 30 Aug 2002, Brad Powell wrote:

> > Not sure if this is commonly known, however I wanted to share
> > something I've learned with nmap.  As part of my job, I often
> > do a great deal of scanning of firewalls, or scanning through
> > firewalls.  This can be VERY TIME consuming, as you get no
> > response for each probe, a full scan (all 65000+ ports) of a 
> > firewall used to average me 3200 seconds.  While teaching
> > a class we were able to DRAMATCALLY reduce this for TCP
> > scans to average 840 seconds.  Using the following command line
> > options
> >
> >   --max_rtt_timeout 50 --max-parallelism 100
>
>
> Kewl, -BUT- is this also using "-p-" otherwise your -not- checking
> all the ports, only the "known" ones.
>
> I'd still expect to see vast speed improvments, but maybe not as great as those
> quoted.

Brad asks an AWESOME question!  I forgot to say we got average scans
of 840 seconds scanning ALL 65000+ ports with the tweaks above.  All seven of
our laptops that scanned the firewall, and through the firewall, found all
the open and accessible ports, so we did not have any dropped packets
from any of the clients.

Note: this was one specific test incident in a closed, lab environment.
Your mileage may vary :)

lance


--------------------------------------------------
For help using this (nmap-hackers) mailing list, send a blank email to 
nmap-hackers-help () insecure org . List run by ezmlm-idx (www.ezmlm.org).