Re: Nmap question (timeout versus scan-delay)

[Martin Mačok <martin.macok () underground cz>]

On Wed, Oct 04, 2006 at 04:24:11PM -0400, John P. Wilson wrote:

> I am guessing that timeout is the delay used before retransmitting
> to the same port and scan-delay is the delay when you are finished
> investigating one port before scanning the next port?

No, it's a delay between single probes (there may be more than one
probe to a single port) not between investigations of different ports.

"Timeout" is the maximum time it will be waited for eventual probe
reply. Also note that more than one probe can (and by default it will)
be sent during that period (more ports can be probed in parallel).
"Scan-delay" is the minimal time between two probes (the scan will be
serialized).

The main difference is that when the reply arrives before "timeout"
then the next probe will be sent immediately (well, not exactly in all
cases...) but with "scan-delay" it will wait the whole delay period
anyway before sending another probe.

I hope it's clearer now but feel free to ask again :-)

Martin Mačok
ICT Security Consultant

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org