Nmap Development mailing list archives
Re: Performance Tuning NMAP
From: Okan Demirmen <okan () demirmen com>
Date: Fri, 17 Dec 2004 11:34:40 -0500
On Fri 2004.12.17 at 10:18 -0600, Bill Petersen wrote:
Hello, A project I am working on will require me to scan over 1 million IPs monthly (yes, all owned by my company). I have acquired a dual Xeon 3GHz system with 4GB of RAM for the job. I plan to turn on -sV and -O to get version and OS information in addition to 'is the machine up' and general port information. It will be running Fedora Core 3. My questions are: 1. How would you tune this system for the task? 2. What options would you turn on / off at compile time? 3. How would you tune nmap at run time for the task?
I'm not going to comment on the OS tuning or compile time flags/options for nmap - in fact, I may just leave nmap as it is, for I don't believe that is your bottleneck. If I were you, I'd carefully think about what you want out the scan reports. Asking to scan that may hosts may give you stale information once it is complete - though I probably have different expectations out of my scans - my scans trigger other "things". I've found that I am able to manage nmap processes to do multiple scans from multiple sources and report back into one location, much better than letting nmap scan the block(s) for you - similar to what you have done, but distributing the scanning engine. When you are doing OS idents, think about limiting the probed ports - I've been able to drop my OS fingerprint times significantly, especially while traversing firewalls. I've never run wide scoping version scanning on our networks, so I can't comment there. That's all off the top of my head...good luck. Okan
In the past, threads within nmap have not helped me much. I have actually used a perl script to help me maximize the throughput by running up to 190 concurrent nmaps (on a similarly configured machine). I'd like to get away from that and have nmap take over the task. Any suggestions? Thanks for your input. Regards, Bill -- Bill Petersen, CISSP Senior Information Security Analyst North American Information Security Group Alcatel USA, Plano, Texas 972-519-4249 Voice 972-519-4830 FAX Bill.Petersen () alcatel com
-- Okan Demirmen <okan () demirmen com> PGP-Key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xB3670934 PGP-Fingerprint: 226D B4AE 78A9 7F4E CD2B 1B44 C281 AF18 B367 0934 --------------------------------------------------------------------- For help using this (nmap-dev) mailing list, send a blank email to nmap-dev-help () insecure org . List archive: http://seclists.org
Current thread:
- [PATCH] Get nmap 3.77 compiling on HP-UX Petter Reinholdtsen (Nov 17)
- Re: [PATCH] Get nmap 3.77 compiling on HP-UX Fyodor (Nov 17)
- Re: [PATCH] Get nmap 3.77 compiling on HP-UX Petter Reinholdtsen (Nov 17)
- Re: [PATCH] Get nmap 3.77 compiling on HP-UX Fyodor (Nov 17)
- Re: [PATCH] Get nmap 3.77 compiling on HP-UX Petter Reinholdtsen (Nov 17)
- Re: [PATCH] Get nmap 3.77 compiling on HP-UX Albert Chin (Nov 23)
- Re: [PATCH] Get nmap 3.77 compiling on HP-UX Petter Reinholdtsen (Nov 23)
- Re: [PATCH] Get nmap 3.77 compiling on HP-UX Albert Chin (Nov 23)
- Performance Tuning NMAP Bill Petersen (Dec 17)
- Re: Performance Tuning NMAP Okan Demirmen (Dec 17)
- Re: Performance Tuning NMAP Martin Mačok (Dec 18)
- Re: [PATCH] Get nmap 3.77 compiling on HP-UX Petter Reinholdtsen (Nov 23)
- Re: [PATCH] Get nmap 3.77 compiling on HP-UX Fyodor (Nov 17)