Re: Nmap on Solaris 9 and Solaris 10 not working right? Going way too slow.

[David Fifield <david () bamsoftware com>]

On Thu, Aug 07, 2008 at 06:26:46PM +0000, jayrhine () comcast net wrote:
> For Solaris 10, with the nmap 4.68 compiled from source, the scan took
> about 330 seconds (11 times slower than the linux scan!).  After it
> displays the following messages it goes to a complete crawl.
>
> Increasing send delay for x.x.x.x  from 0 to 5 due to max_successful_tryno increase to 4
> Increasing send delay for x.x.x.x  from 5 to 10 due to max_successful_tryno increase to 5
> Increasing send delay for x.x.x.x  from 10 to 20 due to max_successful_tryno increase to 6
> Increasing send delay for x.x.x.x  from 20 to 40 due to max_successful_tryno increase to 7
> Increasing send delay for x.x.x.x  from 40 to 80 due to max_successful_tryno increase to 8
> Increasing send delay for x.x.x.x  from 80 to 160 due to 11 out of 14 dropped probes since last increase.
> Increasing send delay for x.x.x.x  from 160 to 320 due to max_successful_tryno increase to 9
>
> I also find that on Solaris 10 (and Solaris 9) if I run 2 short nmap
> scans quickly one after another, that the results often change showing
> me some ports that should be opened or closed as filtered.  This
> results are not consistent, sometimes multiple scans in a row will not
> show these weird filtered points and sometimes they will not.  I have
> never observed this behaviour on Linux.

Just a guess, can you run the scans on Solaris again with the -d3
option? Somewhere near the end of the output there will be a line like

pcap stats: 1717 packets received by filter, 0 dropped by kernel.

If the second number is not 0, that points to a packet capture problem.
-d3 prints a lot of output so you should redirect it to a file.

David Fifield

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org