Nmap Development mailing list archives
Re: some nmap tools
From: "testic+testic" <testic () testic demon co uk>
Date: Sun, 7 Dec 2003 15:06:37 -0000
I was intrigued by the idea of scanning such a large number of hosts, especially doing all the scanning from a single machine. I did some quick calculations in order to get a perspective.

Assuming all TCP packets (SYN, ACK, FIN etc.) are all the same size of 160 bits (20 bytes)...

We send a SYN packet to a remote port... If the remote port is 'open', i.e. a service is listening on that port, the sender will receive a SYN/ACK. If the port is 'filtered' the sender will receive an RST packet. If the port is 'closed' nothing at all will be received.

In 'filtered' and 'closed' states the sender need send no more data at all. Only in 'open' state does any further data need to be sent; in this state we will be sending a further ACK and also we need to close the connection. Nmap, I believe, will neatly close the connection using FIN. As far as I can tell this will result in FIN, CLOSE and FIN/ACK packets being sent and FIN/ACK and FIN packets being received. For simplicity I am assuming all these basic packets are the same size of 160 bits (20 bytes).

Assuming a remote host has 2 'open' ports and 2 'filtered' ports, and given that there are 1223 services in nmap-services, this will result in:

1,223 SYNs being sent. (195,680 bits (24,460 bytes))
2 RSTs being received ('filtered' ports) (320 bits (40 bytes))
2 SYN/ACKs received ('open' ports) (320 bits (40 bytes))
2 ACKs sent (final part of 3-way handshake) (320 bits (40 bytes))
2 x FIN, CLOSE and FIN/ACK sent (for closing the open connection) (a total of 960 bits (120 bytes))
2 x FIN/ACK and FIN received (for closing the open connection) (a total of 480 bits (60 bytes))

Total sent per host: 196960 bits (24620 bytes)
Total received per host: 1120 bits (140 bytes).

If there are 80,000 hosts to be scanned that is a grand total of 15756.8 million bits (1878.36 MB) being sent and 89.6 million bits (10.68 MB) being received. To put it another way, 98.48 million packets are sent and 640,000 are received.

If this scan takes 10 hours to complete then 2735 packets are sent per second!

testic

PS, apologies for any errors :)

---------------------------------------------------------------------
For help using this (nmap-dev) mailing list, send a blank email to nmap-dev-help () insecure org . List archive: http://seclists.org
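The per-host arithmetic in the message above, generalized into a small calculator that also gives the average outbound link rate. This is an added example, not part of the original post or of Nmap; it uses the message's own assumptions (20-byte packets and the packet exchange it lists for each port state), and the names `EXCHANGE`, `ScanLoad` and `estimate` are hypothetical.

```python
from dataclasses import dataclass

# Packets per probed port as (sent by scanner, received by scanner), keyed by
# the port states as the message names them. Assumption: counts are taken
# directly from the message's list, not from a packet capture.
EXCHANGE = {
    "open": (1 + 1 + 3, 1 + 2),  # SYN, ACK, FIN+CLOSE+FIN/ACK out; SYN/ACK, FIN/ACK+FIN in
    "filtered": (1, 1),          # SYN out, RST in
    "closed": (1, 0),            # SYN out, nothing back
}


@dataclass
class ScanLoad:
    packets_sent: int
    packets_received: int
    bytes_sent: int
    send_pps: float   # average packets per second leaving the scanner
    send_bps: float   # average bits per second leaving the scanner


def estimate(ports, open_ports, filtered_ports, hosts, hours, packet_bytes=20):
    """Scale the per-host packet budget to a whole scan of `hosts` hosts."""
    states = {
        "open": open_ports,
        "filtered": filtered_ports,
        "closed": ports - open_ports - filtered_ports,
    }
    if min(states.values()) < 0 or hosts < 0 or hours <= 0 or packet_bytes <= 0:
        raise ValueError("inconsistent port counts, host count, duration or size")
    sent = hosts * sum(n * EXCHANGE[s][0] for s, n in states.items())
    received = hosts * sum(n * EXCHANGE[s][1] for s, n in states.items())
    seconds = hours * 3600
    bytes_sent = sent * packet_bytes
    return ScanLoad(sent, received, bytes_sent,
                    sent / seconds, bytes_sent * 8 / seconds)


if __name__ == "__main__":
    # The message's scenario: 1223 ports, 2 open, 2 filtered, 80,000 hosts, 10 hours.
    load = estimate(1223, 2, 2, hosts=80_000, hours=10)
    print(f"{load.packets_sent:,} packets sent, {load.packets_received:,} received")
    print(f"{load.send_pps:.0f} packets/s, {load.send_bps / 1000:.1f} kbit/s outbound")
```

Passing a larger `packet_bytes` (for example, to count IP headers as well) scales the byte and bit-rate figures without changing the packet counts.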
Current thread:
- some nmap tools MadHat (Dec 06)
- Re: some nmap tools Bo Cato (Dec 07)
- Re: some nmap tools MadHat (Dec 07)
- RE: some nmap tools Hasnain Atique (Dec 07)
- Re: some nmap tools MadHat (Dec 07)
- RE: some nmap tools Hasnain Atique (Dec 08)
- Re: some nmap tools MadHat (Dec 07)
- Re: some nmap tools Bo Cato (Dec 07)
- <Possible follow-ups>
- Re: some nmap tools testic+testic (Dec 07)
- Re: some nmap tools Akbar Ali (Dec 07)
- Re: some nmap tools Tristan Seligmann (Dec 09)
- Re: some nmap tools MadHat (Dec 09)