Nmap Development mailing list archives
max-scan-delay not honored?
From: Filippo Solinas <allanon-ph () users sf net>
Date: Fri, 10 Mar 2006 19:38:25 +0100
Hi *,

having spent some time playing with the timing & performance options in Nmap 4.01, I then realized that --max-scan-delay seems not to work as expected. Or maybe I'm missing something.

In the following example, max-scan-delay is set to 100 ms, but it's never honored, as the delta between probes makes evident:

-x-
# nmap -P0 -sS -vv --packet-trace -p 0-4,80,81-85 -r --max-parallelism 1 --max-scan-delay 100 --max-retries 0 X.Y.Z.100

Starting Nmap 4.01 ( http://www.insecure.org/nmap/ ) at 2006-03-10 17:53 CET
[ cut DNS stuff ]
Initiating SYN Stealth Scan against X.Y.Z.100 (X.Y.Z.100) [11 ports] at 17:53
SENT (0.0660s) TCP 10.0.0.10:58763 > X.Y.Z.100:0 S ttl=58 id=13702 iplen=44 seq=2247559876 win=3072
Warning: Finishing early because retransmission cap hit.
*** delta = 1.009 > max-scan-delay !
SENT (1.0750s) TCP 10.0.0.10:58763 > X.Y.Z.100:1 S ttl=51 id=29355 iplen=44 seq=2247559876 win=4096
*** delta = 1.001 > max-scan-delay !
SENT (2.0760s) TCP 10.0.0.10:58763 > X.Y.Z.100:2 S ttl=57 id=41979 iplen=44 seq=2247559876 win=2048
*** delta = 1.009 > max-scan-delay !
SENT (3.0850s) TCP 10.0.0.10:58763 > X.Y.Z.100:3 S ttl=45 id=7486 iplen=44 seq=2247559876 win=2048
*** delta = 1.001 > max-scan-delay !
SENT (4.0860s) TCP 10.0.0.10:58763 > X.Y.Z.100:4 S ttl=56 id=55334 iplen=44 seq=2247559876 win=1024
*** delta = 1.000 > max-scan-delay !
SENT (5.0860s) TCP 10.0.0.10:58763 > X.Y.Z.100:80 S ttl=46 id=9344 iplen=44 seq=2247559876 win=3072
*** delta = 0.153 > max-scan-delay !
RCVD (5.2380s) TCP X.Y.Z.100:80 > 10.0.0.10:58763 SA ttl=46 id=0 iplen=44 seq=1916746295 win=5840 ack=2247559877
Discovered open port 80/tcp on X.Y.Z.100
SENT (5.2390s) TCP 10.0.0.10:58763 > X.Y.Z.100:81 S ttl=47 id=28046 iplen=44 seq=2247559876 win=4096
*** delta = 0.757 > max-scan-delay !
SENT (5.9960s) TCP 10.0.0.10:58763 > X.Y.Z.100:82 S ttl=37 id=56448 iplen=44 seq=2247559876 win=2048
*** delta = 0.760 > max-scan-delay !
SENT (6.7560s) TCP 10.0.0.10:58763 > X.Y.Z.100:83 S ttl=55 id=35070 iplen=44 seq=2247559876 win=4096
*** delta = 0.760 > max-scan-delay !
SENT (7.5160s) TCP 10.0.0.10:58763 > X.Y.Z.100:84 S ttl=40 id=54959 iplen=44 seq=2247559876 win=1024
*** delta = 0.154 > max-scan-delay !
RCVD (7.6690s) ICMP X.Y.Z.1 > 10.0.0.10 communication administratively prohibited by filtering (type=3/code=13) ttl=239 id=14885 iplen=56
SENT (7.6700s) TCP 10.0.0.10:58763 > X.Y.Z.100:85 S ttl=46 id=7298 iplen=44 seq=2247559876 win=3072
The SYN Stealth Scan took 8.22s to scan 11 total ports.
-x-

Adding "--initial-rtt-timeout 100" has the effect of setting the scan delay to that value (100 ms), but obviously has the side effect of missing all probe responses, depending on the RTT.

It seems that --max-scan-delay only plays a part in limiting the send delay when it is increased due to dropped probes. But I would expect max-scan-delay to be considered an absolute limit, as per the manpage: "the largest delay that Nmap will allow".

Opinions?

Thanks,
ph.

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
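The "delta > max-scan-delay" annotations in the message above were worked out by hand from the SENT timestamps. As an added example (not part of the original post and not Nmap's own code), the following Python script does the same check mechanically: it parses the SENT lines of --packet-trace output, computes the gap since the previous probe, and lists the gaps that exceed a given --max-scan-delay. The embedded sample is the trace quoted in the message; the function and variable names are my own.

```python
"""Flag inter-probe gaps in Nmap --packet-trace output that exceed a threshold.

Added example, not from the original post or from Nmap. It reproduces the
by-hand "delta = ... > max-scan-delay" annotations of the message above.
"""
import sys
from decimal import Decimal
import re

# SENT (0.0660s) TCP 10.0.0.10:58763 > X.Y.Z.100:0 S ttl=58 ...
# Only the timestamp and the destination are needed for the delta check.
SENT_RE = re.compile(r"^SENT \((?P<t>\d+\.\d+)s\) (?P<proto>\S+) (?P<src>\S+) > (?P<dst>\S+)")

# Sample trace: the SENT/RCVD lines quoted in the message above (not captured here).
SAMPLE_TRACE = """\
SENT (0.0660s) TCP 10.0.0.10:58763 > X.Y.Z.100:0 S ttl=58 id=13702 iplen=44 seq=2247559876 win=3072
Warning: Finishing early because retransmission cap hit.
SENT (1.0750s) TCP 10.0.0.10:58763 > X.Y.Z.100:1 S ttl=51 id=29355 iplen=44 seq=2247559876 win=4096
SENT (2.0760s) TCP 10.0.0.10:58763 > X.Y.Z.100:2 S ttl=57 id=41979 iplen=44 seq=2247559876 win=2048
SENT (3.0850s) TCP 10.0.0.10:58763 > X.Y.Z.100:3 S ttl=45 id=7486 iplen=44 seq=2247559876 win=2048
SENT (4.0860s) TCP 10.0.0.10:58763 > X.Y.Z.100:4 S ttl=56 id=55334 iplen=44 seq=2247559876 win=1024
SENT (5.0860s) TCP 10.0.0.10:58763 > X.Y.Z.100:80 S ttl=46 id=9344 iplen=44 seq=2247559876 win=3072
RCVD (5.2380s) TCP X.Y.Z.100:80 > 10.0.0.10:58763 SA ttl=46 id=0 iplen=44 seq=1916746295 win=5840 ack=2247559877
SENT (5.2390s) TCP 10.0.0.10:58763 > X.Y.Z.100:81 S ttl=47 id=28046 iplen=44 seq=2247559876 win=4096
SENT (5.9960s) TCP 10.0.0.10:58763 > X.Y.Z.100:82 S ttl=37 id=56448 iplen=44 seq=2247559876 win=2048
SENT (6.7560s) TCP 10.0.0.10:58763 > X.Y.Z.100:83 S ttl=55 id=35070 iplen=44 seq=2247559876 win=4096
SENT (7.5160s) TCP 10.0.0.10:58763 > X.Y.Z.100:84 S ttl=40 id=54959 iplen=44 seq=2247559876 win=1024
RCVD (7.6690s) ICMP X.Y.Z.1 > 10.0.0.10 communication administratively prohibited by filtering (type=3/code=13) ttl=239 id=14885 iplen=56
SENT (7.6700s) TCP 10.0.0.10:58763 > X.Y.Z.100:85 S ttl=46 id=7298 iplen=44 seq=2247559876 win=3072
"""


def parse_sent(trace):
    """Return [(timestamp, destination), ...] for every SENT line, in trace order.

    Timestamps are kept as Decimal so that differences of fixed 4-decimal
    values stay exact (1.0750 - 0.0660 is exactly 1.0090, not 1.0090000001).
    """
    probes = []
    for line in trace.splitlines():
        m = SENT_RE.match(line)
        if m:
            probes.append((Decimal(m.group("t")), m.group("dst")))
    return probes


def probe_deltas(trace):
    """Return [(destination, seconds since the previous SENT), ...].

    The first probe has no predecessor and is skipped. RCVD and other lines
    are ignored, so a response arriving between two SENTs does not split a gap.
    """
    probes = parse_sent(trace)
    return [(dst, float(t - probes[i - 1][0]))
            for i, (t, dst) in enumerate(probes) if i > 0]


def over_threshold(trace, max_scan_delay_ms):
    """Return the (destination, delta) pairs whose gap exceeds max_scan_delay_ms."""
    limit = max_scan_delay_ms / 1000.0
    return [(dst, d) for dst, d in probe_deltas(trace) if d > limit]


if __name__ == "__main__":
    # Usage: python3 probe_gaps.py [trace_file] [max_scan_delay_ms]
    # Without arguments the sample trace and the 100 ms of the message are used.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_TRACE
    limit_ms = int(sys.argv[2]) if len(sys.argv) > 2 else 100
    for dst, delta in over_threshold(text, limit_ms):
        print(f"{dst}: delta = {delta:.3f}s > {limit_ms} ms")
```

Run against a real scan with `nmap --packet-trace ... > trace.txt` and then `python3 probe_gaps.py trace.txt 100`. Note that with --max-parallelism 1 every SENT waits for either a response or the RTT timeout of the previous probe, so a gap above --max-scan-delay is expected whenever the previous probe went unanswered; the script only reports the gaps, it does not decide which timing knob caused them.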
Current thread:
- max-scan-delay not honored? Filippo Solinas (Mar 10)
- Re: max-scan-delay not honored? Fyodor (Mar 10)
- Re: max-scan-delay not honored? Fyodor (Mar 10)
- Re: max-scan-delay not honored? Filippo Solinas (Mar 10)
- Re: max-scan-delay not honored? Fyodor (Mar 10)
- Re: max-scan-delay not honored? Filippo Solinas (Mar 11)
- Re: max-scan-delay not honored? Fyodor (Mar 10)