Nmap Development mailing list archives

Re: RTT Timeouts


From: Fyodor <fyodor () insecure org>
Date: Sun, 17 Jan 2010 02:06:12 -0800

On Fri, Jan 15, 2010 at 03:20:39PM -0500, Jon Kibler wrote:

I have been playing with speeding up the scanning of a system that is
one hop away from my probe box. When I ping the system, the RTT for the
first ping is about 1.5ms (mostly ARP), and thereafter it is more like
0.25ms to 0.33ms.

However, because I am doing a deep version probe of all ports (TCP and
UDP), the scan takes "forever" to complete. I would like to set the
min-rtt-timeout to be about 0.5ms and the maximum to be about 2.5ms.

Hi Jon.  The rtt-timeout values mostly only matter for port scan
timing, and the vast majority of time spent on your fast network is
probably in version detection.  With -v, you can watch how long the
different scan segments are taking.  Version detection often has to
wait 5+ seconds per probe because even though the network is fast,
applications often respond much more slowly.  For example, many will
do a whole reverse DNS lookup on the client before responding.

To speed this up, you'll want to increase parallelization so that many
of these 5s timeouts are occurring concurrently rather than
sequentially.  You can do this by raising the --min-hostgroup and
--min-parallelism.  You can also speed things up by specifying
--version-light, though version detection might not identify some
services on nonstandard ports.

Cheers,
Fyodor
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
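Fyodor's suggestion to watch the per-segment timings with -v is easier to act on if the "Completed ... elapsed" lines are totalled per phase. The script below is an added example, not code from the thread or from the Nmap project; it assumes the verbose phase-summary format shown in the constructed sample (`Completed <phase> at HH:MM, N.NNs elapsed (...)`) and sums the time spent in each phase so you can confirm whether service detection, rather than the port scan, dominates before touching the rtt-timeout values.

```python
import re
import sys
from collections import defaultdict

# Assumed format of nmap -v phase summaries, e.g.
# "Completed Service scan at 02:06, 6.21s elapsed (3 services on 1 host)".
PHASE_RE = re.compile(
    r"^Completed (?P<phase>.+?) at \d{2}:\d{2}, (?P<secs>[0-9.]+)s elapsed"
)

# Constructed sample of verbose output for one host, not a real capture.
SAMPLE = """\
Initiating ARP Ping Scan at 02:06
Completed ARP Ping Scan at 02:06, 0.02s elapsed (1 total hosts)
Initiating SYN Stealth Scan at 02:06
Completed SYN Stealth Scan at 02:06, 0.41s elapsed (1000 total ports)
Initiating UDP Scan at 02:06
Completed UDP Scan at 02:06, 1.95s elapsed (1000 total ports)
Initiating Service scan at 02:06
Completed Service scan at 02:07, 31.60s elapsed (12 services on 1 host)
Initiating Service scan at 02:07
Completed Service scan at 02:07, 14.10s elapsed (5 services on 1 host)
"""


def phase_durations(text):
    """Sum elapsed seconds per phase name; a phase repeated per hostgroup is aggregated."""
    totals = defaultdict(float)
    for line in text.splitlines():
        m = PHASE_RE.match(line.strip())
        if m:
            totals[m.group("phase")] += float(m.group("secs"))
    return dict(totals)


def slowest_phase(text):
    """Return (phase, seconds, share_of_timed_total) for the dominant phase, or None."""
    totals = phase_durations(text)
    if not totals:
        return None
    total = sum(totals.values())
    phase, secs = max(totals.items(), key=lambda kv: kv[1])
    return phase, secs, secs / total


if __name__ == "__main__":
    # Pipe "nmap -v ..." output in; with no pipe the constructed sample is used.
    data = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    for phase, secs in sorted(phase_durations(data).items(), key=lambda kv: -kv[1]):
        print(f"{secs:8.2f}s  {phase}")
    name, secs, share = slowest_phase(data)
    print(f"dominant phase: {name} ({share:.0%} of timed phases)")
```

If the Service scan line dominates as in the sample, raising --min-hostgroup and --min-parallelism (or using --version-light) is where the time goes; if a port-scan phase dominates instead, the rtt-timeout options are the relevant knob.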