Nmap Development mailing list archives
feature suggestion: host-level parallelism
From: Florin Andrei <florin () sgi com>
Date: 22 Nov 2002 13:14:00 -0800
I'm running this nmap command on a /24 network:

    nmap -sT -p 1-65535 -P0 -R

nmap seems to scan hosts one by one. This is fine when firewalls just REJECT packets, but it's not fine when they DROP packets (I'm using the iptables jargon). In the latter case, basically the hosts for which the packets are dropped act essentially like tarpits (teergrube), slowing down the whole process.

I would suggest implementing some degree of host parallelism into nmap for when TCP (or UDP) scanning targets larger than /32.

I am aware of the fact that nmap already has port-level parallelism, and I appreciate that. I can't seem to find any switch to enable host-level parallelism for this type of scan (TCP scan, no pings).

I think nmap relies on ping probes to fake host-level parallelism for TCP scans (ICMP- or TCP-ping it before, and don't scan if it doesn't answer). If that's true, then it's not enough; some degree of proper host-level parallelism should be implemented purely for the TCP scans, otherwise you could either miss hosts (if you enable pinging before the actual scan and you happen to ping a port that's filtered out) or get a very slow scan on "tarpitted" networks (if you disable pinging).

Right now I'm implementing a scripting wrapper to enable host-level parallelism:

- launch a controlled number of nmap processes
- periodically test to see how many of them completed the task
- launch new processes to replace the ones that completed
- repeat until the entire target address space is exhausted

But that's fairly complex and not pretty at all, not to mention that I lose the ability to get all results in a single file (well, yeah, I could do some tweaking for that, but...). nmap could achieve the same thing (in theory) in a single process, without the mentioned disadvantages.

Of course, one could just launch one nmap process for each address, all at once in a loop without pause, but sometimes when doing that even a /24 network could bring down a machine. ;-)

--
Florin Andrei

It's ok to use the names of your pets or children as passwords as long as they contain several non-alphanumeric characters.
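The wrapper procedure listed in the message, sketched as an added example (not code from the post or from the Nmap project): a bounded pool of per-host processes whose output is merged into one file in address order. The function names, worker count, per-host timeout and the added `-oG -` option are assumptions of this sketch.

```python
import ipaddress
import subprocess
import sys
from concurrent.futures import ThreadPoolExecutor

# Flags from the post, plus "-oG -" (grepable output on stdout) so results can be merged.
NMAP_CMD = ["nmap", "-sT", "-p", "1-65535", "-P0", "-R", "-oG", "-"]


def scan_host(host, base_cmd, timeout):
    """Run one scanner process for one host; return (host, exit code, stdout)."""
    try:
        proc = subprocess.run([*base_cmd, host], capture_output=True,
                              text=True, timeout=timeout)
        return host, proc.returncode, proc.stdout
    except subprocess.TimeoutExpired:
        # A host that silently drops probes hits the deadline; the child is
        # killed and only this one worker slot was held up.
        return host, None, ""


def scan_network(cidr, base_cmd=NMAP_CMD, workers=16, timeout=3600, out_path=None):
    """Scan every host address in cidr with at most `workers` processes at once."""
    hosts = [str(h) for h in ipaddress.ip_network(cidr).hosts()]
    with ThreadPoolExecutor(max_workers=workers) as pool:
        # map() yields results in input order, so the merged report is sorted
        # by address even though hosts finish out of order.
        results = list(pool.map(lambda h: scan_host(h, base_cmd, timeout), hosts))
    if out_path:
        with open(out_path, "w") as fh:
            for host, rc, out in results:
                status = "timeout" if rc is None else f"exit={rc}"
                fh.write(f"# {host} {status}\n{out}")
    return results


if __name__ == "__main__" and len(sys.argv) == 3:
    # Usage (hypothetical file name): python parallel_scan.py 192.0.2.0/24 merged.gnmap
    done = scan_network(sys.argv[1], out_path=sys.argv[2])
    print(f"{sum(rc == 0 for _, rc, _ in done)}/{len(done)} hosts scanned cleanly")
```

The worker cap is what keeps a /24 from spawning 254 processes at once, and the per-host timeout bounds how long a packet-dropping host can occupy a slot.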