Nmap Development mailing list archives

Syn scan

From: "Scott Pate" <spate () Spohncentral com>
Date: Tue, 15 Aug 2006 11:09:57 -0500
I am syn scanning a network range across the internet, certain hosts
respond with a reset (R) but nmap still continues to send syn packets to
that host (and port), which causes the scan to take a long time.  Is
there a config settting (i.e max_rtt, max_host_group) that will tell
nmap to accept the first response and move on?
 
nmap command is# nmap -sS -P0 <ip range>
 
10:59:33.318020 IP x.x.x.95.22 > x.x.x.175.48097: R
858225152:858225152(0) ack 1515960848 win 0

10:59:42.855706 IP x.x.x.95.22 > x.x.x.175.48098: R
1389151331:1389151331(0) ack 1532738320 win 0

10:59:49.976011 IP x.x.x.95.22 > x.x.x.175.48099: R
1981745601:1981745601(0) ack 1415296016 win 0

11:00:01.847060 IP x.x.x.95.22 > x.x.x.175.48100: R
1975606349:1975606349(0) ack 1432073488 win 0

11:00:16.615551 IP x.x.x.95.22 > x.x.x.175.48101: R 8054798:8054798(0)
ack 1448850960 win 0

11:00:23.499118 IP x.x.x.95.22 > x.x.x.175.48102: R
145530803:145530803(0) ack 1465628432 win 0

11:00:29.111521 IP x.x.x.95.22 > x.x.x.175.48103: R
1440456653:1440456653(0) ack 1348186128 win 0

11:00:40.183058 IP x.x.x.95.22 > x.x.x.175.48104: R
1911804607:1911804607(0) ack 1364963600 win 0

11:00:53.455510 IP x.x.x.95.22 > x.x.x.175.48105: R
135027142:135027142(0) ack 1381741072 win 0

11:01:00.165945 IP x.x.x.95.22 > x.x.x.175.48106: R
1729718089:1729718089(0) ack 1398518544 win 0

11:01:05.320353 IP x.x.x.95.22 > x.x.x.175.48107: R
1695076272:1695076272(0) ack 1281076240 win 0

11:01:10.414445 IP x.x.x.95.22 > x.x.x.175.48108: R 29104851:29104851(0)
ack 1297853712 win 0

11:01:15.606845 IP x.x.x.95.22 > x.x.x.175.48109: R
538736074:538736074(0) ack 1314631184 win 0

11:01:20.738323 IP x.x.x.95.22 > x.x.x.175.48110: R
872948432:872948432(0) ack 1331408656 win 0

11:01:34.272530 IP x.x.x.95.22 > x.x.x.175.48111: R
1720490360:1720490360(0) ack 1213966352 win 0

11:01:51.787126 IP x.x.x.95.22 > x.x.x.175.48112: R
313714946:313714946(0) ack 1230743824 win 0

11:02:06.878114 IP x.x.x.95.22 > x.x.x.175.48113: R
597726570:597726570(0) ack 1247521296 win 0

11:02:19.225746 IP x.x.x.95.22 > x.x.x.175.48114: R
502046576:502046576(0) ack 1264298768 win 0

11:02:28.789498 IP x.x.x.95.22 > x.x.x.175.48115: R
854897043:854897043(0) ack 1146856464 win 0

11:02:38.127808 IP x.x.x.95.22 > x.x.x.175.48116: R
844513816:844513816(0) ack 1163633936 win 0

11:02:45.006324 IP x.x.x.95.22 > x.x.x.175.48117: R
1729932408:1729932408(0) ack 1180411408 win 0

11:02:52.383482 IP x.x.x.95.22 > x.x.x.175.48118: R
1529550828:1529550828(0) ack 1197188880 win 0

11:03:02.069720 IP x.x.x.95.22 > x.x.x.175.48119: R
466149259:466149259(0) ack 1079746576 win 0

11:03:09.967660 IP x.x.x.95.22 > x.x.x.175.48120: R
634354908:634354908(0) ack 1096524048 win 0

11:03:22.427764 IP x.x.x.95.22 > x.x.x.175.48121: R 8919061:8919061(0)
ack 1113301520 win 0

 
Scott Pate
Security Consultant
Spohn & Associates
512-685-1000
 

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
Current thread:

Syn scan Scott Pate (Aug 15)