Nmap Development mailing list archives
Re: Scan 3 thousand host consume severals hour
From: Andreas Ericsson <ae () op5 se>
Date: Tue, 20 Dec 2005 12:44:42 +0100
Ricardo A. Reis wrote:
Hi Sina,A few comments: You mentioned 3000 machines, yet you are scanning a range of 65536 machines because you are scanning an entire class B networkYes, you this correct The UNIFESP network topology exist many network segment's with subnet mask /24, but doesn't a continuum host's, this a problem caused by sub-net delegation. For samples is 172.16.[1-3,150-163].XXX, in the past i used a list provide per ettercap using arp-request function but this cause a problem with arp tables in old cabletron switches and cisco routers.
You know you can type nmap <scan-options> 172.16.1-3,150-163.1-254 right?
Also, you are doing a TCP scan and a UDP scan. You might want to simply do a syn scan, as that is faster. The TCP scan will take forever and a day unfortunately ... This is no fault of nmap, but it is due to the fact that it has to do a three way handshake, and also remember that the firewalls aren't helping things any, *smile*.You this correct again, i always use -sS with no windows hostsI would recommend that you find a better way of narrowing down the machines you have. For example, can you simply do a list scan of the machines on your network and then grep/awk for the appropriate entries to place into a hosts file which you can pass into nmap with -iL ...I use also -P0 per XP firewall block icmp, with this scan is more slowly.
When you're using -P0 you tell nmap to not send any ICMP pings. If it *does* send those pings without getting a response the host will be considered down and won't be scanned at all. OTOH, if you don't send PING and scan 62000 hosts that just aren't there you'll end up sending a minimum of 62000 * 65535 packets that won't ever get a response. Needless to say, this is a big, fat waste of time. -- Andreas Ericsson andreas.ericsson () op5 se OP5 AB www.op5.se Tel: +46 8-230225 Fax: +46 8-230231 _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev
Current thread:
- Scan 3 thousand host consume severals hour Ricardo A. Reis (Dec 18)
- RE: Scan 3 thousand host consume severals hour Sina Bahram (Dec 18)
- RE: Scan 3 thousand host consume severals hour Ricardo A. Reis (Dec 19)
- Re: Scan 3 thousand host consume severals hour Andreas Ericsson (Dec 20)
- Re: Scan 3 thousand host consume severals hour Ricardo A. Reis (Dec 22)
- RE: Scan 3 thousand host consume severals hour Ricardo A. Reis (Dec 19)
- RE: Scan 3 thousand host consume severals hour Sina Bahram (Dec 18)
- Re: Scan 3 thousand host consume severals hour Ron (Dec 18)
- Re: Scan 3 thousand host consume severals hour Ricardo A. Reis (Dec 19)