Re: massping issue

[Justin Azoff <JAzoff () uamail albany edu>]

David Fifield wrote:
> On Thu, Apr 02, 2009 at 09:06:50AM -0400, Justin Azoff wrote:
> > Hi, since upgrading from debian etch nmap to debian lenny nmap (4.11 to
> > 4.62) I noticed that a script that runs a ping scan across our /16
> > stopped finding 90% of the hosts.
> Thanks for your detailed report. I don't think --host-timeout is what
> you want here. You want --max-rtt-timeout instead. --host-timeout is an
> absolute start-to-finish limit on total time taken for each host.
> Because 4096 hosts are scanned in parallel during ping scan, you are
> only allowing 2 seconds to scan all 4096 of them.

That makes sense..

> The reason you got more hosts with 4.11 is that massping didn't respect
> --host-timeout in that version. The option simply didn't have an effect
> during ping scans. Now host are allowed to time out during ping scans,
> and two seconds

ah, so it's been using the default timeouts all this time and I never
noticed :-)

> So try using --max-rtt-timeout instead. Host timeouts are usually
> specified in at least minutes, and RTT timeouts are usually in
> milliseconds.
>
> David Fifield

Yep, that fixed things right up.  I usually use --max-rtt-timeout for
port scans, ping sweeps were the only place I was still using
--host-timeout.


-- 
-- Justin Azoff
-- Network Performance Analyst

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org