Nmap Development mailing list archives
Syn scan
From: "Scott Pate" <spate () Spohncentral com>
Date: Tue, 15 Aug 2006 11:09:57 -0500
I am syn scanning a network range across the internet, certain hosts respond with a reset (R) but nmap still continues to send syn packets to that host (and port), which causes the scan to take a long time. Is there a config settting (i.e max_rtt, max_host_group) that will tell nmap to accept the first response and move on? nmap command is# nmap -sS -P0 <ip range> 10:59:33.318020 IP x.x.x.95.22 > x.x.x.175.48097: R 858225152:858225152(0) ack 1515960848 win 0 10:59:42.855706 IP x.x.x.95.22 > x.x.x.175.48098: R 1389151331:1389151331(0) ack 1532738320 win 0 10:59:49.976011 IP x.x.x.95.22 > x.x.x.175.48099: R 1981745601:1981745601(0) ack 1415296016 win 0 11:00:01.847060 IP x.x.x.95.22 > x.x.x.175.48100: R 1975606349:1975606349(0) ack 1432073488 win 0 11:00:16.615551 IP x.x.x.95.22 > x.x.x.175.48101: R 8054798:8054798(0) ack 1448850960 win 0 11:00:23.499118 IP x.x.x.95.22 > x.x.x.175.48102: R 145530803:145530803(0) ack 1465628432 win 0 11:00:29.111521 IP x.x.x.95.22 > x.x.x.175.48103: R 1440456653:1440456653(0) ack 1348186128 win 0 11:00:40.183058 IP x.x.x.95.22 > x.x.x.175.48104: R 1911804607:1911804607(0) ack 1364963600 win 0 11:00:53.455510 IP x.x.x.95.22 > x.x.x.175.48105: R 135027142:135027142(0) ack 1381741072 win 0 11:01:00.165945 IP x.x.x.95.22 > x.x.x.175.48106: R 1729718089:1729718089(0) ack 1398518544 win 0 11:01:05.320353 IP x.x.x.95.22 > x.x.x.175.48107: R 1695076272:1695076272(0) ack 1281076240 win 0 11:01:10.414445 IP x.x.x.95.22 > x.x.x.175.48108: R 29104851:29104851(0) ack 1297853712 win 0 11:01:15.606845 IP x.x.x.95.22 > x.x.x.175.48109: R 538736074:538736074(0) ack 1314631184 win 0 11:01:20.738323 IP x.x.x.95.22 > x.x.x.175.48110: R 872948432:872948432(0) ack 1331408656 win 0 11:01:34.272530 IP x.x.x.95.22 > x.x.x.175.48111: R 1720490360:1720490360(0) ack 1213966352 win 0 11:01:51.787126 IP x.x.x.95.22 > x.x.x.175.48112: R 313714946:313714946(0) ack 1230743824 win 0 11:02:06.878114 IP x.x.x.95.22 > x.x.x.175.48113: R 597726570:597726570(0) ack 1247521296 win 0 11:02:19.225746 IP x.x.x.95.22 > x.x.x.175.48114: R 502046576:502046576(0) ack 1264298768 win 0 11:02:28.789498 IP x.x.x.95.22 > x.x.x.175.48115: R 854897043:854897043(0) ack 1146856464 win 0 11:02:38.127808 IP x.x.x.95.22 > x.x.x.175.48116: R 844513816:844513816(0) ack 1163633936 win 0 11:02:45.006324 IP x.x.x.95.22 > x.x.x.175.48117: R 1729932408:1729932408(0) ack 1180411408 win 0 11:02:52.383482 IP x.x.x.95.22 > x.x.x.175.48118: R 1529550828:1529550828(0) ack 1197188880 win 0 11:03:02.069720 IP x.x.x.95.22 > x.x.x.175.48119: R 466149259:466149259(0) ack 1079746576 win 0 11:03:09.967660 IP x.x.x.95.22 > x.x.x.175.48120: R 634354908:634354908(0) ack 1096524048 win 0 11:03:22.427764 IP x.x.x.95.22 > x.x.x.175.48121: R 8919061:8919061(0) ack 1113301520 win 0 Scott Pate Security Consultant Spohn & Associates 512-685-1000 _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- Syn scan Scott Pate (Aug 15)