Re: Performance Tuning NMAP

[Martin Mačok <martin.macok () underground cz>]

On Fri, Dec 17, 2004 at 10:18:18AM -0600, Bill Petersen wrote:

> A project I am working on will require me to scan over 1 million IPs
> monthly (yes, all owned by my company).

> I have acquired a dual Xeon 3GHz system with 4GB of RAM for the job.

Carefully choose the network card.

> I plan to turn on -sV and -O to get version and OS information in
> addition to 'is the machine up' and general port information. It
> will be running Fedora Core 3.

When -sV finds an unknown service response, investigate it and submit
the result to the web page or write a new service match by yourself
(and share it, please) - your scan will be faster next month :-)

> 3. How would you tune nmap at run time for the task?

I would set --max_rtt_timout to 2-3 multiple of observed maximum.
Setting --host_timeout would be good idea too.

Check all performance options in the man page, think about it and
experiment with it.

(Which type of ping method do you plan to use (if any)? How much ports
do you plan to scan? Which TCP scan method? Do you plan to scan for
UDP ports?)

> In the past, threads within nmap have not helped me much.

Could you be more specific, please?

Martin Mačok
IT Security Consultant

---------------------------------------------------------------------
For help using this (nmap-dev) mailing list, send a blank email to 
nmap-dev-help () insecure org . List archive: http://seclists.org