Nmap Development mailing list archives

Long disjointed list of ports causing performance drop??


From: Steve <il_dharmabum () yahoo com>
Date: Tue, 24 Jan 2006 13:10:17 -0800 (PST)

I am using nmap in a phased manner to perform vulnerability testing on large networks for my clients.  I'm currently utilizing 5 phases as follows:
   
  1 - pings
  2 - No pings & 9 most common ports
  3 - No pings and 48 next most common ports
  4 - Remainder of nmap default port list and no pings
  5 - Remainder of all 65535 ports
   
  I run phase 4 & 5 with -T Aggressive and -sS to ease the impact on my customers' servers and still get the work done in a reasonable time.

  I also use a list of IPs as input with the -iL so I can parse the output and determine what had found ports vs not as I roll through.

  Since the port list for 4 & 5 is fairly disjointed (e.g. 1-5,7-9,11,13,etc), it takes up a lot of space on the command line.

  It seems that phase 5 takes a considerable amount of memory if I don't use the max_hostgroup and -sT to throttle down.

  Questions:

  1. How is a large list of discontinuous ports handled by nmap vs a single continuous list (1-1024)?  Could the first condition cause a larger memory requirement?

  2. Is there a difference in memory requirements if I use a list of IPs, one per line, vs a specific sequence (10.10.10.10-255)?

  3. Could the large list of ports require more memory as I work my way through a relatively long list of IPs?
   
  Thanks and keep up the great work!
   
  TIA,
  Digger


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
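
The disjointed per-phase port lists described in the message above can be generated instead of typed by hand. The following is an added example, not part of the original post or of Nmap: it removes ports already covered by earlier phases and compresses what is left into `-p` range syntax, reporting how long each spec is. The three port sets and all function names are constructed for illustration and are not Nmap's actual frequency ranking or default port list.

```python
"""Build disjoint per-phase port specs for a phased scan (added example)."""


def compress(ports):
    """Collapse ports into -p range syntax, e.g. {1,2,3,7} -> '1-3,7'."""
    runs = []
    for p in sorted(ports):
        if runs and p == runs[-1][1] + 1:
            runs[-1][1] = p          # extend the current run
        else:
            runs.append([p, p])      # start a new run
    return ",".join(str(a) if a == b else f"{a}-{b}" for a, b in runs)


def expand(spec):
    """Inverse of compress(): parse '1-3,7' back into a set of ints."""
    ports = set()
    for part in filter(None, spec.split(",")):
        lo, _, hi = part.partition("-")
        ports.update(range(int(lo), int(hi or lo) + 1))
    return ports


def phase_specs(phase_sets, max_port=65535):
    """One spec per phase, each minus the ports earlier phases covered,
    followed by a final spec for the remainder of 1..max_port."""
    covered, specs = set(), []
    for wanted in phase_sets:
        bad = [p for p in wanted if not 1 <= p <= max_port]
        if bad:
            raise ValueError(f"port out of range: {bad}")
        todo = set(wanted) - covered
        specs.append(compress(todo))
        covered |= todo
    specs.append(compress(set(range(1, max_port + 1)) - covered))
    return specs


# Constructed sample sets (assumptions), standing in for phases 2, 3 and 4.
COMMON = {21, 22, 23, 25, 53, 80, 110, 139, 443}
NEXT = {80, 111, 135, 143, 445, 993, 995, 1433, 3306, 3389}
DEFAULT = set(range(1, 1025)) | {1433, 3306, 3389, 8080}

if __name__ == "__main__":
    for n, spec in enumerate(phase_specs([COMMON, NEXT, DEFAULT]), start=2):
        print(f"phase {n}: {len(expand(spec))} ports, "
              f"{len(spec)} chars: -p {spec[:60]}")
```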

