Nmap Development mailing list archives
Re: max-scan-delay not honored?
From: Filippo Solinas <allanon-ph () users sf net>
Date: Fri, 10 Mar 2006 23:50:08 +0100
On Fri, 10 Mar 2006 10:44:29 -0800, Fyodor wrote: | > # nmap -P0 -sS -vv --packet-trace -p 0-4,80,81-85 -r | > # --max-parallelism 1 --max-scan-delay 100 --max-retries 0 X.Y.Z.100 | > | | Here you have told Nmap to send only one probe at a time | (--max-scan-delay 100). So it needs to wait for each to finish before | it starts the next one. Otherwise it would be violating your | parallelism restriction (the way Nmap interprets --max-parallelism). | So if you want it to scan faster, you need to decrease the max | round-trip-time (so Nmap doesn't wait as long to finish each probe) or | increase the number of probes allowed in parallel. I know, but serializing sometimes is necessary to scan heavily rate-limited networks while preserving accuracy. In this case, scanning 5 (or more) ports in parallel leads to false negative; less than 5 leads to an excessive slow scan. So I would expect and prefer more fine grained control over serial (and parallel) scan. Moreover, with "--max-parallelism 2", --max-scan-delay 100 seems to be not honored as well: SENT (1.0720s) TCP 10.0.0.10:57477 > X.Y.Z.100:2 S ttl=41 id=50478 iplen=44 seq=2366825438 win=2048 SENT (1.0720s) TCP 10.0.0.10:57477 > X.Y.Z.100:3 S ttl=50 id=61342 iplen=44 seq=2366825438 win=3072 SENT (2.0720s) TCP 10.0.0.10:57477 > X.Y.Z.100:4 S ttl=48 id=14443 iplen=44 seq=2366825438 win=1024 SENT (2.0820s) TCP 10.0.0.10:57477 > X.Y.Z.100:80 S ttl=40 id=63133 iplen=44 seq=2366825438 win=1024 But I suppose the way Nmap interprets the send-delay with --max-parallelism is not the way I do :) And also with "--max-rtt-timeout 500", --max-scan-delay 100 seems to be not honored as well: SENT (1.0820s) TCP 10.0.0.10:63685 > X.Y.Z.100:2 S ttl=48 id=35815 iplen=44 seq=2773645138 win=1024 SENT (1.5930s) TCP 10.0.0.10:63685 > X.Y.Z.100:3 S ttl=49 id=62855 iplen=44 seq=2773645138 win=2048 SENT (2.1020s) TCP 10.0.0.10:63685 > X.Y.Z.100:4 S ttl=55 id=22461 iplen=44 seq=2773645138 win=4096 SENT (2.6130s) TCP 10.0.0.10:63685 > X.Y.Z.100:80 S ttl=57 id=7575 iplen=44 seq=2773645138 win=2048 And we can't set max-rtt-timeout to 100 when rtt is about 150 ms. So it's a question of compromise.. but a more fine grained control over both serial and parallel scan would be the best solution, IMHO. Cheers, ph. _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev
Current thread:
- max-scan-delay not honored? Filippo Solinas (Mar 10)
- Re: max-scan-delay not honored? Fyodor (Mar 10)
- Re: max-scan-delay not honored? Fyodor (Mar 10)
- Re: max-scan-delay not honored? Filippo Solinas (Mar 10)
- Re: max-scan-delay not honored? Fyodor (Mar 10)
- Re: max-scan-delay not honored? Filippo Solinas (Mar 11)
- Re: max-scan-delay not honored? Fyodor (Mar 10)